General Data Protection Regulations (GDPR) – Key action points for HR practitioners.

HR professionals have control over some of the most sensitive personal information an organisation holds, which makes preparing for the GDPR a daunting task. To get you started, here are some key action points to take sooner rather than later.

About the author

+44 (0)20 7556 1453

Coming into force in May 2018, the GDPR will be applicable to all UK organisations and the Government has indicated that it will apply to UK employers. The GDPR places greater obligations on employers to inform employees about how their personal data is processed, as well as, to justify their grounds for doing so. There is only a short time remaining to ensure compliance, so it is critical for HR professionals to undertake an in-depth review of all existing policies and procedures which concern HR data and to assess the implications of the GDPR for them. The significance of the GDPR cannot be underestimated.

Have you got permission? 

Under the GDPR an employee is able to withdraw their consent to process personal data as easily as they give it. In light of this, it is unlikely that blanket data protection consent clauses, often seen in employment contracts and policies, will meet the new requirements. To rectify this, HR professionals will need to review the basis blanket clauses relied on for processing employee data and consider whether they are still appropriate.

Update, update, update

In order to satisfy regulations organisations may need to update their employment contracts, including those for existing employees, as well as create consent forms specifically about the GDPR.

In the event of breach, act fast 

In the case of a data breach employers must notify the relevant supervisory authority within 72 hours of becoming aware of the situation. Where it is likely to result in a high risk to rights and freedoms, employees must also be notified “without undue delay”. As a result, safeguards to data processing activities will need to be established and clear processes for notifying breaches created.

Training & awareness

Recent judgements by the Information Commissioner have highlighted and punished organisations for the lack of training and awareness about the existing regulations. This is likely to become an ongoing theme, especially in the run up to the introduction of the GDPR. It is essential that organisations consider a comprehensive awareness campaign both with decision makers to prepare for the change and all those having access to personal information. There is an expectation that it is covered in employee onboarding and continual training programmes.

Stakeholder buy-in is a must

In order to comply with the new regime, it is likely significant changes for organisations will be required to ensure there are adequate systems, contractual provisions, and training in place. ‘Buy-in’ from a range of internal stakeholders is going to be essential. With penalties of up to 4% of worldwide turnover or €20m (whichever is greater) in addition to the effects a breach could have on an employer’s reputation, we strongly recommend compliance at all levels to be an urgent priority, particularly for HR professionals.

Requests for information

While subject access requests (SAR) exist in the current legislation there will be a reduced window to respond under the GDPR. It is highly possible that HR teams will be the first port of call for information requests, for example unsuccessful applicants, ex-employees, grievance and termination processes. HR teams need to have a robust and tested process for dealing with requests in the calendar month deadline.

If you're unsure about how the GDPR will impact your organisation or if you need some help getting your head around where to start, please contact enquiries@buzzacott.co.uk

You might also be interested in… HR advice for businesses.

Our HR services are designed to scale up to meet your needs exactly. Whether you need to create a best-practice HR strategy, or find fitting ways to nurture your people, our support means you won’t have to worry about smashing any crockery.

HR advice to help you thrive

We help everyone from nuns to hedge funds. Use us as a seamless bolt-on to support your existing HR team. Or we’re happy to take the reins if you want to outsource all or part of your HR. The same goes for Learning and Development. And when you run into issues – personal or personnel –  you can resolve them quickly and effectively with us on hand.

Where there’s an HR strategy, there’s a way

The best HR approach matches the needs and goals of your whole organisation, not just its people. Work with our HR team to design a strategy that grows with you. In fact, work with all of us – you can consult other Buzzacott specialists whenever you need to. We’re all under one roof.

HR compliance made simple

Our specialist HR consultants understand best practice across multiple sectors, from charities to manufacturing to media. Don’t have the time or manpower to keep up with ever-changing HR regulations? We’ll save you time and keep you legal, while you get on with business.

Learning and Development

Our learning and development teams can help your people become the best they can be, through executive coaching, our Leadership and Management Skills Series, or other training and support that we can tailor specifically to your business. 

Download these useful resources

What is coaching?

Preparing for a coaching chemistry meeting

What is mediation?