GDPR is coming – is your SME compliant? Read our HR checklist to see what you have to do between now and 25 May.
Written by Simon Morgan, HR Dept South East London and North Kent
The General Data Protection Regulation becomes law on 25 May 2018 and if you haven’t already done so, you’ll need to make changes to your business to ensure that it complies. While there is a lot of overlap between the GDPR and existing data protection law, there are some new obligations which will require you to take action.
Read our GDPR checklist for HR to help you focus your efforts.
1. Nominate someone to take responsibility for data protection– you may not have a dedicated data protection officer, but you will need to assign responsibility to a specific individual or team.
2. Conduct a data audit – the starting point for GDPR compliance is understanding exactly what data you hold, why you hold it, how you process it, and how it is kept secure.
3. Create a data register – record the outcome of your data audit in a single place. This will help you to demonstrate GDPR compliance should you ever be asked to do so.
4. Update your privacy policies – consider all of your policies that touch on data; as well as the ‘obvious’ ones such as Data Protection, Data Breach Reporting and Subject Access Requests, don’t overlook others that will be affected such as your Data Security, Disciplinary and Recruitment policies.
5. Update your employment contracts – you will need to amend the data protection clauses in your employment contracts and individual contractor agreements so that they no longer seek to rely on consent as the lawful ground for data processing.
6. Notify your employees – you must issue Privacy Notices to all your employees explaining how you process their personal data.
7. Train your employees – GDPR compliance requires cooperation from each employee; make sure that everyone knows what their specific responsibility is in relation to data protection.
For professional advice tailored to your company, contact Simon Morgan at The HR Dept. We’ll get your HR processes GDPR-compliant with our half-day consultancy package, from just £395 + VAT!
Contact Simon at firstname.lastname@example.org or on 0345 634 9154.