GDPR governs how personal data is processed so that it is handled lawfully, fairly and securely. Most employers hold a large amount of personal data about their staff, so good data handling procedures are essential. This information could include home addresses, phone numbers, bank details and employment history; the exact data held about employees will vary from business to business.
All staff must be told what data is kept on file about them, why it has been collected and how long it will be retained, usually through a staff privacy notice. Personal data should not be kept longer than is necessary for the purpose it was collected for, and it should be protected by appropriate security measures and securely destroyed when it is no longer needed.
Ensuring you are compliant
To ensure that you are complying with GDPR, you need a clear, written policy setting out how you handle personal data, and you must make sure that staff are aware of this policy and can access it. If an employee makes a subject access request for the data you hold about them, you must normally respond within one month of receiving the request. If a personal data breach occurs, you must report it to the ICO within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to the individuals concerned, and you must also tell the affected individuals without undue delay where the breach is likely to result in a high risk to them. Keep a record of every breach, including those you decide do not need to be reported.
GDPR is a large area, and ensuring you are compliant will help protect your company from breaches and from the enforcement action and reputational damage that can follow them.
How does GDPR affect employees?
All companies must have a comprehensive GDPR policy and ensure that they comply with the legislation. Failure to comply can result in enforcement action by the ICO, including substantial fines. So how important is it to ensure that your employees understand GDPR too?
Your GDPR policy should set out very clearly how personal data is processed in your company. Making sure your staff understand what counts as personal data is at the heart of this. Taking a customer's name, phone number and message on a post-it note and leaving it on a desk may have been accepted practice in the past, but it falls short of the requirement to keep personal data secure and could amount to a breach. Staff need to understand their own responsibilities within the company's wider obligations. Investing time in training your staff will reduce the risk of breaches caused by misunderstandings.
You should also designate someone to be responsible for data protection. Appointing a Data Protection Officer (DPO) is mandatory only for public authorities and for organisations whose core activities involve large-scale, regular and systematic monitoring of individuals or large-scale processing of special category or criminal offence data; other organisations may appoint one voluntarily or name a senior person as the data protection lead. Ensure that your staff know who this designated person is so that they can approach them with questions. Staff should also understand that they must report possible breaches to the DPO or data protection lead as soon as possible, so that the 72-hour reporting window can be met and the ICO and affected individuals can be informed where required.
Support with GDPR
If you have any questions about GDPR and would like to make sure you are compliant in all areas of your business, get in touch to speak to one of our professional HR advisors and see how we can support you.