GDPR (General Data Protection Regulation) effective from 25 May 2018.

So (briefly) what is GDPR?

The General Data Protection Regulation (GDPR) aims to bring about a culture shift, changing the focus from regulating data processing activities (under the old Data Protection Act) to improving data security for more routine matters. GDPR requires ‘privacy by design’, meaning Companies will need to take an approach that promotes privacy and data protection compliance, rather than this being something that is considered as an afterthought or ignored altogether.

The GDPR’s data protection principles are similar to the ones under the Data Protection Act and Companies must be able to demonstrate that any personal data they handle is:

  • processed lawfully, fairly and transparently
  • collected for specified, explicit and legitimate purposes
  • adequate, relevant and limited to what is necessary
  • accurate and kept up to date where necessary
  • kept for no longer than is necessary where data subjects are identifiable
  • processed securely and protected against accidental loss, destruction or damage.

So recruitment processes, performance management & bonus schemes, disciplinary and grievance procedures and any auto-processing, or use of employee data for marketing purposes, will need to reflect the new data protection principles.

There will also be a requirement for greater transparency: Companies will need to provide more information on what data they hold and what they do with it, both to those inside the organisation, such as employees, and to those outside it, such as customers or clients.

Companies will need to be able to demonstrate their compliance to the regulator (the Information Commissioner's Office in the UK) on an ongoing basis and to maintain relevant records. Individuals will have significantly increased rights to access their personal data. Companies will also be required to notify the ICO, and any individuals affected, if certain types of data breach occur.

The most significant change for employers is the increased fines: breaches of GDPR may be subject to fines of up to €20M, or 4% of global annual turnover, whichever is the greater.

From an HR point of view, obtaining consent from employees to process their personal data will become much stricter, and employers are unlikely to be able to rely on such consent as the basis for processing employees’ data. The new requirements mean that generic consents, for example in an employment contract, will not be a valid way to justify processing employee personal data, and new systems and paperwork will be needed.

So what do you need to do?

  1. Carry out an audit to identify any data protection risk areas with a view to creating a data protection by design and default culture.
  2. From the audit prepare an action plan that specifies what needs to be done when, who will do what and any internal and external support required.
  3. Consider what documentation must be prepared or updated.
  4. Review policies, processes and documentation and decide which need to be changed.
  5. Carry out some employee training to reinforce the changes.
  6. Consider what needs to be shown to whom to demonstrate compliance.
  7. Appoint a data protection officer to be in charge of all aspects of information including compliance with the Data Protection Act 1998.

In2HR audit

I have compiled a GDPR audit to undertake with clients which looks at the following:

  • what personal and sensitive personal data you obtain from employees. This could be as simple as payroll information that is sent to your pension provider or, less obviously, data that is collected from vehicle tracking systems and then analysed internally
  • how and where that data is stored, accessed and used, and the legal basis the Company has for collecting, storing and processing each piece of data it holds
  • what data is shared with third parties including any data transfer out of the EEA
  • what kind of monitoring of employees takes place and where, including the use of automated decision making

Get in touch if you want my help to get started or have any questions about data you collect and whether it is covered under GDPR.
