Image courtesy of blogtrepreneur.com/tech
It’s been causing panic among HR professionals, businesses and even data experts, and now the deadline is just two months away. But what is GDPR and how might it affect the HR industry?
GDPR – or the General Data Protection Regulation – has been causing concern due to its potential to shake up businesses’ data protection practices and cause legal headaches for HR departments across the country.
Part of the reason for the fear is also the fact that many employers simply don’t know what GDPR means.
In December, a survey of 1,800 European HR and payroll professionals by SD Worx found that, remarkably, 44% didn’t know what GDPR is.
Of course, this suggests that with almost half of the HR industry having barely even heard of the regulation, the percentage of HR professionals who have a plan in place to deal with GDPR is very low.
The same survey found that among those aware of what GDPR is, 55% see its impending arrival as a threat to the HR industry.
The deadline for becoming GDPR-compliant is May 25, 2018. The impact of the new regulations has been much debated, but the truth is that no one really knows how it will change industries such as HR.
The UK already has complex data protection regulations, but GDPR will tighten these and force companies to be more transparent about their data practices.
Of course, as members of the department that deals with information about a company’s employees, HR professionals encounter a lot of personal data in their day-to-day work, so GDPR’s introduction will likely hit the HR industry harder than perhaps any other.
For HR professionals, GDPR means a delicate balancing act between protecting employees’ privacy rights and compiling the information that businesses need to operate efficiently.
Under GDPR, companies may require employees’ explicit consent to store and process ‘sensitive personal data’ – a term which encompasses all sorts of information, from religious beliefs to trade union membership.
Data subjects also have the right to withdraw their consent at any time. One of GDPR’s most well-known clauses is the so-called ‘Right to be forgotten’, which gives individuals the power to access, correct and erase information about themselves.
Depending on the types and amounts of data they store, some companies may need to appoint Data Protection Officers.
All companies will need to report any data breaches to the Data Protection Authority within 72 hours if the data is unencrypted and identifies individuals.
All of these incoming regulations mean that HR departments will need to review their data collection, data protection and breach reporting practices in order to ensure they are GDPR-compliant.
In some cases, businesses will need to review exactly what information on their employees they collect, and whether it is absolutely necessary for all of this data to be collected.
The stakes are high, with non-compliant organisations facing heavy fines: companies could be fined up to 4% of their annual turnover for serious offences, with smaller fines issued for minor breaches.
Getting help with GDPR
SD Worx’s survey of 1,800 European HR professionals also found that 91% said they were likely to seek help from external organisations to become GDPR-compliant by the May deadline.
This is where PDW HR’s easy-to-use online HR software can help, by allowing your company to store all its data digitally and securely in a cloud back-up system.
For more information, read our post about how PDW HR’s software can help you become GDPR-compliant.