Practical Solutions On GDPR

Claire Vane
March 19, 2018

Avoidance on GDPR is just not possible. Here are ten practical areas for your business to think about as the May 25th 2018 deadline approaches:

Raise staff awareness

Raise awareness amongst your staff of GDPR, now. Top management must own this piece of compliance. It takes time and you must be ready by May 25th 2018. It requires planning, documenting, and is not just an HR issue.

Do a data audit

Find out what data exists, where it is, how it is collected and what is done with it. Is it disposed of or kept, and is it secure? Can you detect if there is a breach and, if so, how will you investigate and communicate such a breach?

Consider the 'why' behind your data collection

Analyse the reasons for each and every category of data that is collected and consider why it is collected.  Is it actually used, or does it sit dormant somewhere? If so, why? Consider how long you keep different categories of data for, if, when and why you delete it, and the reasons for retention. Be careful of sensitive or special category data. 

Examine consent and security

Which parts of the data protection principles are you going to rely on to ensure legal compliance? What sort of consent are you seeking and using? What are you going to do if consent is withdrawn? If you process data and collate it for statistical purposes – i.e. for equal opportunities monitoring - are you using passwords or encryption? What are you going to do about remote workers and security?

Review your policies

You will need to review and update all your contracts and policies. Blanket consents, which are currently fine, will be high risk under GDPR. All workers, whatever their status, need to be guided through policies and privacy statements, ensuring that rights are communicated with regard to retention, security, erasure, destruction and record-keeping. Other policies within your handbook will also need revising.

Check who is responsible

Is there complete clarity on who is responsible for each stage of data processing so that the law is complied with? Do employees know how to use their rights easily?

Think externally as well as internally

What are you going to do about your relationship with external contracts and processes in relation to GDPR? What third party services do you use? Have their data protection obligations been set out by them? There are many areas of concern: payroll, IT, occupational health, etc. 

Consider the HR implications

With regard to those who are in charge of compliance, what steps are you taking to make sure they are able to perform their role fully and well?

Set up training sessions

Have you set up adequate training and communication within the organisation to cover all staff and stakeholders? 

Establish long-term monitoring

GDPR is not a one-off activity. It is here to stay. Do you need to introduce regular (annual) audits to ensure you remain compliant? How are you going to update staff? What are you going to do with new starters? Who will check up on ICO guidelines?

Sounds like a lot of work. This is true, but absolutely necessary and can be broken down into manageable pieces, step-by-step.

The team at Integrated Resources can help. Please get in touch if you need advice planning your GDPR approach.

Get free HR updates

Receive expert advice and free HR resources from our team by subscribing to our newsletter today.
Claire Vane

Claire is the Managing Director and Founder of Integrated Resources. She is passionate about releasing potential in individuals and organisations.

Updates on the go

Get free HR updates and expert advice from the team at Integrated Resources:

Start a project today

contact us

Trusted for HR outsourcing across sectors

Show more clients

Start your own project with us Today

contact us
Click the button below to receive HR advice & free resources direct to your inbox.
Click the button below to receive HR advice & free resources direct to your inbox.
Subscribe