
“Useful and informative” was the feedback from delegates at our GDPR workshop, in conjunction with Lancaster Chamber, on the 2nd May. If you too would like a little help from a friend, read on:

There are risks in not complying with GDPR, of which fines may be the least likely from an employer's perspective. Excessive hassle and reputational damage are two of them.

The main steps are (relatively simple):

What

An important starter is identifying the categories of personal data that you hold. A brief audit and some searching questions are the best answer, and we can help with that.

Why

You also need to be clear why you are holding each category of personal data. As an employer you probably have good reason for the data you hold on employees, but you may need consent in some cases. We can talk that through with you.

Where

You must know where the personal data is stored and how you will keep it secure. There are a few risks to watch here – not least your employees! We can provide a short staff training workshop to ensure employees are properly informed and fully aware of the main security risks.

Who

It is important to know who will have access to, and be responsible for the security of, personal data. Most of it will need to be disclosed to specific staff members (to pay employees for a start) but controlling (restricting) that disclosure is crucial to complying with the GDPR. For the most part you should already be covering this under Data Protection but there are a few nuances with which we could help.

When (and how)

Making a sound decision about how, and especially when, to destroy data is central to the GDPR. There is guidance available.

Lastly and crucially

You need to prepare a privacy statement so employees are informed and know the who, what and why of their personal data.

See your way through the maze, get in touch.

Malcolm Martin FCIPD

Author Human Resource Practice