Ready to tackle GDPR in the New Year? We can help you!

December 21, 2017

By now we all know that the General Data Protection Regulation (GDPR) is an incoming set of rules governing how the personal data of individuals in the EU is collected, stored, and processed. But what does it mean for businesses like yours?

What is GDPR?

The aim of the GDPR is to give individuals in the EU more control over how their personal data is handled. Businesses must have a lawful basis for collecting data (in many cases the person's consent), must tell people what the data will be used for and who will have access to it, and may keep the data only for as long as that purpose requires. Ultimately, the rules aim to restore public confidence in how organisations handle personal data.

What about Brexit?

The GDPR will come into effect before the UK has left the EU, so UK businesses must comply regardless of Brexit. UK politicians have also indicated that any future UK data protection rules will look very similar to the GDPR.

Will my business have to comply with the GDPR?

Any business or organisation that controls or processes the personal data of individuals in the EU must comply with the new rules. This covers customers, employees and job applicants alike, and applies whether or not those individuals are EU citizens.

When do I need to be compliant by?

Adhering to the rules specified in the GDPR will become mandatory for UK businesses on 25 May 2018, and businesses that fail to comply may face heavy fines.

What are the main implications?

1. Data retention

◦ Businesses must only hold personal data for as long as is necessary, and must only use it for the purpose for which it was obtained. This means, for example, that data obtained from unsuccessful job applicants should be deleted at the end of the recruitment process. If an HR team wants to keep that data for another purpose, it must expressly ask the applicant's permission.

◦ Where data is retained, it should be stored encrypted so that a lost laptop, a stolen disk or a leaked backup does not expose it. Encryption limits the damage of a breach rather than preventing one, and it only helps if the encryption keys are kept separately from the data they protect.

◦ The rules also apply to your own employees. When an employee leaves the business or is dismissed, you can keep only the data you still have a legal or business need for (payroll and tax records, for example), and only for as long as that need lasts.

2. Purpose limitation

◦ Data should only be used for the purpose for which it was collected, and should not be shared outside the company beyond what that purpose requires.

3. Data security

◦ All client or user information that your business handles should only be shared on a need-to-know basis.

◦ This means your staff should not be able to access an individual's or company's records unless they are specifically working on them, and that restriction should be enforced by the access controls on your systems rather than left to policy alone.

◦ If data is processed or stored by a third party (a cloud or payroll provider, for example), your company remains responsible for it: you must satisfy yourself that the provider has adequate security measures, and its obligations must be set out in a written contract.

4. Transparency and accountability

◦ Companies must tell individuals how they collect, process, and store their data.

◦ They must also provide a copy of a person's data if that person requests it (a subject access request), normally within one month of the request.

How do I prepare for the deadline?

The Information Commissioner's Office suggests that the first step in preparing your business for the GDPR is to arrange GDPR awareness training for your staff. The training should cover how to collect, handle, and process personal data, and the key principles of the GDPR such as purpose limitation and confidentiality.

Integrated Resources has teamed up with Yellow Room Learning, a leading provider of Cyber Security, Data Privacy and GDPR Awareness Training, to help bring your employees up to speed.

Please get in touch if you would like support in getting GDPR-ready.
