General Data Protection Regulation (GDPR)
We provide both best practice advice and tailored documentation to assist our clients with their everyday human resource needs. Documentation can include customised contracts, policies, procedures, disciplinary sanctions, etc., which are tailored to our clients' specific business needs. All documentation incorporates best practice standards and is up to date with all relevant employment legislation. Our templates are consistently reviewed and updated in line with legislative changes to ensure our clients receive accurate, timely and relevant information.
The General Data Protection Regulation (GDPR) will come into force from 25th May 2018, replacing the current data protection framework under the EU Data Protection Directive. The primary objective of the GDPR is to enhance data subjects' rights in controlling their personal data, delivering greater rights to data subjects and greater responsibilities to data controllers and processors.
This regulation imposes new obligations and stricter requirements on all organisations involved in the processing of personally identifiable data, emphasising transparency, security and accountability. In relation to your company's HR department, the new legislation should not be underestimated, as it directly affects most companies due to the personal data which we are obliged to retain as employers. It is essential to take measures to ensure your HR Department is compliant with the new legislation.
Failure to comply with the regulation will result in large fines of up to 20 million euro or 4% of total annual global turnover (whichever is greater) and private claims from the data subjects, along with significant reputational damage.
THE HR SUITE GDPR AUDIT
Accountability, and showing that your organisation has taken a proactive, risk-management approach to managing personal data, is key to demonstrating your compliance with this legislation. Therefore, the first step in any GDPR action plan should involve an audit of personal data collected and held by an organisation, to map out how personal data flows through the organisation and its systems. Given the significant volume of personal data held by any HR department, it is essential that this audit is conducted, as it allows an action plan to be drafted and implemented as a result.
Our audit takes a questionnaire-based approach which focuses on the flow of personal data within and outside the organisation in relation to HR documentation. The majority of questions will typically be structured around one or more of the 8 data protection principles:
- Fair obtaining and processing of personal data
- Ensuring data is kept for one or more specified, explicit and lawful purposes
- Disclosure / further processing / transfer of data to a Third Country
- Ensuring the data processed is accurate, complete and up-to-date
- Ensuring the data processed is adequate, relevant and not excessive
- Data Retention: ensuring personal data is kept for no longer than necessary
- Safety & Security of Data
- Access Requests
You will have a detailed report of all the personal data associated with your HR department and a proactive action plan with gaps identified and clear recommendations on how you need to address any potential risks. This will ensure you are compliant with the legislation going forward and have a best practice approach to managing your HR in line with the GDPR.
Call us today to discuss further.
If you are interested in our HR Consultancy service or want to know what The HR Suite can do for your business, please contact us on (066)7102887 to discuss.