GDPR: What HR needs to know

Geir Darge · 08 May

The countdown has begun. On 25th May GDPR will become regulatory law throughout all member states of the European Union.

The watershed testimony of Mark Zuckerberg to Congress and the scandal surrounding Cambridge Analytica have heightened the demand for good and honest data practices. As such, the EU’s pipeline initiative to create a set of “data rights” couldn’t be better timed.

The change is set to be radical – the biggest since the creation of data law itself, signalling a paradigm shift in accountability.

However, despite the hum of activity around GDPR, there’s a surprising lack of consensus around what it means for HR departments and employers on a practical level.

Is it a storm in a teacup, or is there real cause for concern?

The bare bones of it

GDPR stands for General Data Protection Regulation and basically does what it says on the tin.

It’s a new set of laws characterised by three major changes: greater transparency, increased consent regulations and heightened personal autonomy. For a deeper dive, check out the EU’s overview of the key changes here.

In essence, it means that our personal data is handled responsibly and, perhaps most importantly, that we’re aware when our data is being used.

What does this mean for HR?

While the bulk of the changes will affect customer-facing departments, there are four things every HR team needs to do before 25th May.

1. Get emailing

HR has a job on its hands. A recent PeopleHR study found that only a quarter of workers in London are aware of GDPR, and just 16% are prepared for the change. Let’s remind ourselves that under the new laws, much of the data your company stores might become illegal.

Everyone in your company’s database needs to have explicitly opted to receive your communications. But ensuring this is unlikely to be your job. Your job is ensuring management are on the ball, as a thorough review of company policy needs to be carried out.

2. Ensure your systems are up to date

Tighter security is a general theme throughout GDPR. Have a word with your tech-heads to ensure your systems are properly encrypted and data storage is up to scratch.

Consider the security of your employees – do they use two-factor authentication, and are passwords secure enough?

3. Educate your staff

Remember this applies to everyone. And with so few of us adequately prepared, it’s highly advisable to set up some form of training for the relevant parties. This is particularly important for your colleagues over in marketing who will need to overhaul many of their practices around mailing lists and email marketing.

4. Clean-up employee data

Gone are the days of stalking the social media accounts of potential employees. GDPR will see a strict curtailing of HR’s right to collect personal data. From now on, information about all current and potential employees can only be procured with explicit consent and on a need-to-know basis. On top of this, personal data can no longer be kept and reused – it can only serve its explicit purpose. In other words, your database needs a good trim.

Despite the plethora of considerations, it’s important to remember that the purpose of GDPR is to regulate data harvesting, not to outlaw it. Of course there will be a number of immediate changes needed; however, once the infrastructure has been drawn up, it’s business as usual.