GDPR Rule Effect on HR
As the human resources specialist, you need to know what is happening within your organization at all times. In most scenarios, this means having everyone's personal information. This information includes names, pictures, email addresses, and bank details, among others. However, as a professional, you also need to be careful when handling people's information, and this is where the GDPR comes in.
The GDPR or the General Data Protection Regulation is all about keeping personal data safe. This is a regulation passed by the EU, which limits some of the things companies can do with personal data while at the same time increasing the control individuals have over their data.
What Exactly Is GDPR?
The GDPR is a regulation that was drawn up in 2016. However, companies were given up to May 2018 to comply. The fact that this is a regulation means that it does not need to be changed into legislation for it to take effect. The purpose of drafting this law is to protect the personal data collected about people living in the EU, while at the same time harmonizing the statutes on data protection, collection, and use across these countries.
As a USA company, you may not see how this regulation applies to you. However, as long as you have employees residing in the EU, or are doing business with people in that region, then you will need to strive for compliance. You need to remember that this regulation does not only apply to financial transactions. It will take effect as long as you are collecting or handling the personal data of people residing in EU member countries.
What You Need To Know About Compliance
To comply with this regulation, you need to understand the following:
- An individual has the right to access and move their data at their leisure. At most, they will need to give you a month's notice.
- An individual has the right to correct their personal information if they find it to be flawed. Additionally, if they no longer think it is relevant, they can request to have it deleted.
- Under this regulation, people have the right to be informed when data is being collected and what it will be used for. Additionally, they have the right to limit processing, meaning you can gather their information, but they can also dictate how you can or cannot use that data.
- In the event of a breach, you have to notify the people whose information you have collected, stored or processed, within 72 hours.
After Understanding This, You Can Take the Following Steps:
- You will need to do some data mapping to determine where your information comes from as well as what you do with it. This way, you can figure out who will be affected by the GDPR.
- Most companies collect as much data as they can, and then sift through it to determine what is relevant. You may need to stop doing this. Primarily, you should decide what data you require and what you need to keep from what you currently have stored.
- You have to boost your security protocols. Under this regulation, you have no room for mistakes. This is because a breach in security can cost you money in the long run. This will be necessary whether you handle the work yourself or if you outsource it.
- Have a professional review your privacy statements and documentation. This is because you need to have actual consent from individuals before you collect their information.
What This Means for HR Personnel
Most heads of human resources need to have the information of all the firm's employees for the efficient running of the company. However, with this regulation, how they obtain and handle this information will need to change. While this might be a bit complicated due to the hierarchy system, employees will still need to give consent for employers to access and store their information. The HR personnel will also need to regularly ensure that the data they have on employees is correct and up to date.
Most people are in the habit of overlooking regulations. However, do not make this mistake with the GDPR. There are two different fines under this regulation. One will cost you 2% of your annual income, or about 10 million Euros if you do not report a breach within 72 hours of noticing it. The second is the actual breach of personal data. For this, organizations will need to pay 4% of their annual turnover or 20 million Euros.
To Know More About Edupliance, Visit: