The countdown has begun. On 25th May GDPR will become regulatory law throughout all member states of the European Union.
The watershed testimony of Mark Zuckerberg to Congress and the scandal surrounding Cambridge Analytica have heightened the demand for good and honest data practices. As such, the EU’s pipeline initiative to create a set of “data rights” couldn’t be better timed.
The change is set to be radical – the biggest since the creation of data law itself, signalling a paradigm shift in accountability.
However, despite the hum of activity around GDPR, there’s a surprising lack of consensus around what it means for HR departments and employers on a practical level.
Is it a storm in a teacup, or is there real cause for concern?
GDPR stands for General Data Protection Regulation and basically does what it says on the tin.
It’s a new set of laws characterised by three major changes: greater transparency, increased consent regulations and heightened personal autonomy. For a deeper dive, check out the EU’s overview of the key changes here.
In essence, it means that our personal data is handled responsibly and, perhaps most importantly, that we’re aware when our data is being used.
While the bulk of the changes will affect customer-facing departments, there are four things every HR team needs to do before 25th May.
HR has a job on its hands. A recent PeopleHR study found that only a quarter of workers in London are aware of GDPR, and just 16% are prepared for the change. Let’s remind ourselves that under the new laws, much of the data your company stores might become illegal.
Everyone in your company’s database needs to have explicitly opted to receive your communications. But ensuring this is unlikely to be your job. Your job is ensuring management are on the ball, as a thorough review of company policy needs to be carried out.
Tighter security is a general theme throughout GDPR. Have a word with your tech-heads to ensure your systems are properly encrypted and data storage is up to scratch.
Consider the security of your employees – do they use two-factor authentication, and are their passwords secure enough?
Remember this applies to everyone. And with so few of us adequately prepared, it’s highly advisable to set up some form of training for the relevant parties. This is particularly important for your colleagues over in marketing who will need to overhaul many of their practices around mailing lists and email marketing.
Gone are the days of stalking the social media accounts of potential employees. GDPR will see a strict curtailing of HR’s right to collect personal data. From now on, information about all current and potential employees can only be procured with explicit consent and on a need-to-know basis. On top of this, personal data can no longer be kept and reused – it can only serve its explicit purpose. In other words, your database needs a good trim.
Despite the plethora of considerations, it’s important to remember that the purpose of GDPR is to regulate data harvesting, not to outlaw it. Of course, a number of immediate changes will be needed; however, once the infrastructure has been drawn up, it’s business as usual.
To find out more about Perkbox, the UK's fastest growing employee engagement platform, download the brochure here.