GDPR: Are Your HR Policies Compliant?
There has been a lot of buzz around the new GDPR regulations that come into force in the next few weeks. As we all navigate the new law, it is important that you consider how compliant your HR policies are, as well as how you process and store your employees' personal information.
It is important that you document your processes clearly and that your policies reflect this new legislation, which can feel like a bit of a headache. There are a number of things to consider from an HR point of view, and we have listed some of these below.
At HR2day our focus is on delivering transparent, value-led services with no hidden charges. While some HR companies are offering GDPR compliance packs costing hundreds of pounds, we recognise that compliance is critical and that it is our job to keep you compliant, so all the amendments required for GDPR are completely free for our clients; in fact, they have already been completed. So, if you want to remove hidden costs and ensure you are compliant, drop us a line to discuss how we can help you.
Things To Consider:
- You need an explicit and legitimate interest to collect data. Recruiting or employing someone counts as a legitimate interest. Even so, you still need to consider the other aspects of GDPR and gain consent.
- In addition to the above, you must still ask for consent if you require sensitive data such as equality information.
- You must let candidates and employees know how you are using their data and how they can ask you to change or delete it.
- You must allow employees to access their data within one month of a request.
- Consider using an HR system to store information securely (we are launching our new system very soon, so contact us for more information or watch this space for details).
- Ensure you are clear on how long you can keep employee and candidate data on file.
- Any criminal record checks must also be carried out in accordance with the legislation. There must be a legitimate reason for the check. Under GDPR, a blanket policy of checking all staff may no longer be compliant (even if consent is sought).
- If you are subject to a data breach you must notify those affected within 72 hours of you becoming aware of it.
- You must consider using encryption for any electronic data or emails.
If you have any questions, please contact us on 01325 288299 (option 2).