GDPR for Hiring Managers: 5 Things You Need to Know
There is a lot of concern regarding the new General Data Protection Regulation (GDPR) among hiring managers and HR teams across the UK. With the new regulations to be enforced on the 25th of May, 2018, there isn’t much time left to get up to speed.
With heavy fines for non-compliance and data breaches – which could cost companies 2 million euros or 4% of their global turnover (whichever is higher) – companies of all sizes are preparing for compliance under the new GDPR regulations.
Lots of small UK firms don’t believe GDPR affects them; and with Brexit looming, some aren’t paying much attention to it as they feel it’s too much hassle for what could be a temporary change of processes. Either way, a laid-back attitude to GDPR is dangerous. It affects companies of all sizes, and failure to comply could mean major damage to your bottom line and reputation.
Why is GDPR happening?
Companies are stacking up monstrous amounts of personal data like never before. With plenty of high-profile data breaches, people are understandably concerned about cybersecurity and what companies are doing with their data.
From tech giants such as Google and Facebook to your favourite smartphone applications, the lack of data guidelines has allowed people’s personal data to be misused or neglected.
GDPR is being launched to make companies accountable for protecting people’s data with a new set of regulations, and to give people more control over the information companies can retain.
How will GDPR affect hiring managers?
GDPR will have serious implications for HR and staff management, as companies will need to have more flexible systems for their data storage. You must have a valid reason for keeping any data in your system, whether it belongs to current or former employees or was stored from past vacancy applications.
Let’s take a look at five key changes that hiring managers will need to prepare for in order to remain compliant under GDPR.
GDPR for Hiring Managers: 5 things you need to know
1. All employee data will need to be justified
Moving forward, you will need to be transparent as to why you are collecting data and how you are going to use it. This is to ensure all data you keep is connected to an employee’s role at your company. If the data has no connection to their role at your company, you shouldn’t be storing it.
2. You can’t permanently retain personal data
Personal information can only be kept if it’s required. Any information belonging to ex-employees, plus CVs stored from past applicants, will need to be deleted. If you are to keep hold of people’s data, your reason for doing so will need to be justified to avoid a penalty.
3. Right to amend data
GDPR gives your past and present employees the right to amend their data at any time. This is one of the most challenging aspects of GDPR as some companies don’t have a centralised record system in place, which will make this one of the most time-consuming tasks under the new GDPR regulations.
4. Right to remove data
People will have the right to have all of their data removed from your data system. However, there are a few things to take into account before any requests are actioned, such as tax purposes and legal disputes.
Each case needs to be assessed before any data is removed, so HR teams should have prepared GDPR guidelines to follow so that each request is handled accordingly.
5. Breach notification
Should you be hit by a data breach – whether it be a cyber attack or the theft of physical data (paperwork, hard drives, etc.) – it must be reported to the Information Commissioner's Office (ICO) and to any individuals affected.
HR must keep an internal data breach register to record any data breaches that occur. Your staff must be well trained in data breach procedures, as your register will be inspected by the ICO should a data breach occur.
Not only that, a security breach or data mismanagement is a devastating blow to a company’s reputation; as TalkTalk and Facebook both found out, the media and all those affected will demand immediate answers and assurances that you are doing all you can to rectify the situation.