The GDPR is part of the EU Data Protection Regulation and it will replace the existing Data Protection Directive. The aim of the new regulation is to standardise and strengthen the rights of European citizens to data privacy. This means that any organisation that deals with people’s private data must meet new standards of transparency, security and accountability.
The onus is on data controllers (employers) and processors (HR) to identify potential compliance issues within their organisation, to analyse the private data that is currently being held by the organisation, and to review the consent procedures by which employees agree to the retention of their personal data.
WHAT DOES GDPR MEAN TO HR?
From an employer perspective, ‘Data Protection’ is often seen as confusing, low risk and, on occasion, an annoyance to a busy HR professional or business owner. However, the new regulation is one of the largest and most significant developments in EU Data Protection legislation since 1995. It comes into force on May 25th, and employers will be expected to comply immediately.
Under the new regulation, employees (data subjects) will have far greater rights and organisations must implement processes to adhere to these rights, such as:
- The right to be forgotten
- The right to block or suppress processing of personal data
- The new right to data portability
- The right to rectification of data that is inaccurate or incomplete
- The right to be informed how personal data will be used (and Subject Access Requests)
- Breach notification
A streamlined and modern HR and Employment Law landscape will make it easier for an organisation to ensure compliance and to deal with GDPR-related requests.