Preparing for GDPR:
10 Top Tips for Employers
The General Data Protection Regulations are due to come into effect on May 25 2018 and will bring a strict set of new rules concerning privacy and data security, while imposing penalties on businesses which violate them. While the imminent regulations are already causing a stir for employers, a recent survey has revealed that less than half of organisations are familiar with the implications the changes could bring. GDPR will affect anyone holding data on EU citizens including employers and business owners of any size and applies to all EU organisations and to any organisation outside of the EU, which processes personal data on an EU national.
- Make sure people in your business know that the law is changing.
- Create a register of the personal information you hold, where it came from, and who you share it with.
- Review the current privacy notices for the data you store and prepare to change them for GDPR.
- Get consent to store, manage, maintain and use personal data or consider what other rights you may have to process personal data.
- Check that you can honour the rights of individuals. If someone asks for their data, you should be able to give them it in a secure, standard format.
- If someone asks you to remove their data, make sure you can prove you’ve done so.
- Put in place a process for handling requests for any of the data you hold, including how quickly you will respond, how you will provide it, and how you will assure requesters that they own it
- Decide if you need a system for identifying the age of individuals and whether you need parent or guardian consent.
- Have an emergency plan in case you lose data or someone steals it.
- Nominate a responsible person to be your Data Protection Officer or representative, as applicable.