With GDPR (General Data Protection Regulations) coming into effect in May 2018, Human Resource Departments are gearing up for fundamental changes to Data Protection regulations.
Below are some of the key changes that GDPR brings in which are particularly relevant for HR teams:
1. The conditions for obtaining valid consents are becoming much stricter. Employers should be wary of relying on blanket consent wording in an employment contract.
2. Increased transparency obligations, with emphasis on ensuring data subjects (workers, employees, consultants) know more about their rights, such as stronger subject access rights and the ‘right to be forgotten’.
3. A greater emphasis on privacy requirements. It is useful to have a Privacy Policy.
4. A new principle of ‘accountability’ is also introduced, requiring businesses not only to comply with the GDPR principles, but also to be able to demonstrate how they comply.
5. An obligation to notify the appropriate regulator (the Information Commissioner’s Office (ICO)) of a data breach within 72 hours, if feasible.
In our next blog we will look at the documentation to put in place in good time for the new GDPR.