At Integrated Resources we are hard at work with GDPR and supporting our clients through their preparation. Many feel they are well on track, but I have noticed some concerning gaps - there are those that think that because they don’t transfer business out of the UK, they are exempt.
GDPR, whether we like it or not, affects all of us: customers, workers, employers, suppliers, website users; the list is long. There are seven principles that need to be adhered to.
GDPR affects the processing of personal data and is designed to protect individuals and their fundamental rights and freedom. Personal data is defined as information relating to any identified or identifiable living individual. The seven data protection principles are as follows:
In the field of employment, there are four lawful conditions for processing data. The principles for GDPR around employment are echoed in relation to other stakeholder groups.
There are some important issues about consent, of which you need to be aware. You can’t have a wide blanket consent, as has been the case within current data protection legislation. The onus is very much on the employer to show that an employee has given lawful consent.
The sad fact is that energy and time, and therefore cost (hidden or overt), is going to have to be spent on GDPR, as the fines are eye-wateringly high.
In essence, there are 10 robust and practical steps to be taken. We will be releasing a video in the week following this, to recap on some key features that are necessary for you to be aware of, with actions that require implementation.
We have spoken to so many clients who have their external GDPR principles in place, but not their internal staff -related GDPR activities. Some employers are thinking it’s a job for HR and therefore management don’t need to take notice. Some feel that they have plenty of time to do what is necessary, but the clock is ticking.
We will publish 10 practical steps and release a short film snapshot in our next bulletins. In the meantime, please don't hesitate to get in touch if you would like to discuss GDPR with one of our consultants or to learn how Integrated Resources can guide you through the upcoming changes.