Many HR professionals will have spent months preparing for the General Data Protection Regulation (GDPR). Now it is finally in force, they will know that compliance will involve their ongoing attention.
The GDPR requires employers to be able to demonstrate that their policies and practices comply with the new data protection regime. Some organisations will be required to have a Data Protection Officer (DPO) in place, with responsibility for overseeing compliance. The role of the DPO and the detail around which employers need to appoint one are covered in one of the FAQs featured in May’s top 10.
A new requirement brought in by the Data Protection Act 2018, which supplements the GDPR, is that an employer processing special categories of personal data will usually need a specific policy on how it will handle this data. The most popular FAQ on XpertHR in May looks at what the special categories of data are and when employers can process them.