Personnel Today

Five policies HR needs to revise ahead of the GDPR

by Ashleigh Webber 23 May 2018

With Friday’s GDPR deadline looming, employers have undoubtedly been spending the last few weeks reviewing the data they store about their staff, clients and other parties to ensure they will not be in breach of the regulation when it comes into effect.

While some might see preparing for the regulation as a box-ticking exercise, others would argue that making the commitment to protect employees’ and customers’ personal details is a good opportunity to win trust.

According to Juerg Birri, global head of legal services at KPMG, the GDPR provides a chance to “build a picture of how [an] organisation manages data, which has recently become a key element for company reputation”.

But as well as fulfilling their obligations to protect customers’ and suppliers’ data, employers also need to make sure their responsibilities under GDPR are communicated to their employees. Employees need to be aware of their rights as data subjects, as well as the role they play in making sure their employer is compliant.

Here are five policies HR needs to revise or implement to ensure their staff are up to speed with the changes:

1. Data retention and disposal policy

Employers need to be able to demonstrate that they store only the data they need and only for an appropriate period. One of the six privacy principles under the GDPR is “storage limitation” – i.e. the business can store and process only the data necessary for the purpose of carrying out a job, and for no longer than needed.

Employers should provide guidelines on the retention periods for certain information HR might hold about their staff. The policy should include the measures the employer is taking to ensure the security of that data during the period it is retained, and how it will securely dispose of the data when it is no longer needed.

2. Privacy notice

Staff need to be informed about the data their employer stores about them, how it will be processed and details about the organisation’s lawful right to process it. The notice should also remind employees that their right to privacy will be respected by the organisation.

According to Eduardo Ustaran, co-director of privacy and cybersecurity at law firm Hogan Lovells, businesses should appreciate that data protection is a fundamental right.

“Success in this new era that is about to start will come from the acknowledgement that treating personal information responsibly is in everyone’s interests. Those who commit to this principle will see the GDPR as an opportunity and reap the true benefits of data,” he said.

3. Subject access requests policy

Data subjects – those whose data is held or processed by an organisation – have the right to make a subject access request to find out which information is held about them.

Employers should make their staff aware of some of the changes to the rules around subject access requests, including revised time periods for responding to requests (down from 40 days to one month after receiving the request), the information that needs to be provided in response to a request and the extent of the search.

4. Data breach reporting policy

HR departments need to inform their staff about the steps an organisation would take in the event of a data breach. This should be a comprehensive plan that follows the guidelines set out by the ICO, and includes the need to report data breaches within 72 hours and inform the relevant parties.

5. Legitimate interests policy

According to law firm Taylor Vinters, employers might also consider putting a legitimate interests policy in place to remind employees of the situations where the employer has a valid reason for processing personal data – for example, it would need an employee’s bank details in order to pay them. The firm recommended that employers list the reasons for which they might legitimately process an employee’s data for the sake of clarity.

Ashleigh Webber

Ashleigh is editor at OHW+ and HR and wellbeing editor at Personnel Today. Ashleigh's areas of interest include employee health and wellbeing, equality and inclusion and skills development. She has hosted many webinars for Personnel Today, on topics including employee retention, financial wellbeing and menopause support. Prior to joining Personnel Today in 2018, she covered the road transport sector for Commercial Motor and Motor Transport magazines, touching on some of the employment and wellbeing issues experienced by those in road haulage.

© 2011 - 2022 DVV Media International Ltd
