Written by Simon Morgan, HR Dept South East London and North Kent
If you run a small business, you may be reviewing your data protection. With less than 100 days until the General Data Protection Regulation comes into effect, you can’t afford not to be. But it’s not enough just to have all the right processes and procedures in place. If your employees don’t understand their roles and responsibilities when it comes to GDPR, you’re setting yourself up to fail. So what do you need to tell them?
Here are our top five things that your members of staff need to know about GDPR.
- Data protection is everyone’s responsibility. Data protection may not appear in every job title, but every employee has some responsibility for it. Legal, IT and HR have the obvious roles, but they are not the ones picking up the phone to speak to customers, working in your CRM system, or designing your next marketing campaign. Make sure each member of staff knows what their specific role is in keeping customer data secure.
- How to handle personal data. You’ll need to ensure that staff follow the data security procedures you have put in place to safeguard the personal data you hold on customers, suppliers, partners, contractors, employees and so on. Keep the rules concrete: for example, what they may and may not do with laptops and mobile phones out of the office or when working remotely, whether personal devices can be used at all, and how to keep data secure and confidential. Staff also need to know how, and to whom, to report a suspected data security breach.
- What to do if something goes wrong. The Regulation is designed to protect personal data, but if the worst happens your employees must know what to do. Be clear about who their first point of contact is, and make sure they understand that under the Regulation a breach that puts individuals at risk must be notified to the ICO within 72 hours of you becoming aware of it (and the affected individuals told where the risk to them is high). That 72-hour clock only works if staff report incidents internally straight away, so delay is not an option.
- The consequences of a data breach. Data protection is something we all hear about from time to time at work and in the media, but unless you are personally affected by a breach, or you work in the field, it is easy to be fairly blasé about it. Make sure your employees really understand the consequences of a data breach under the new Regulation. The maximum fine for non-compliance is €20m or 4% of global annual turnover, whichever is higher, which is more than enough to sink an SME. In practice fines are scaled to the seriousness of the infringement and the Regulator is unlikely to penalise a small business at that level, but there are also very serious consequences in terms of reputation and consumer trust that can be hugely difficult to overcome.
- How their data is being used. As an employer, you hold personal data about your employees. Make sure they understand what you use their data for, how and for how long it is stored, and how they can see a copy of it, correct it, or raise an objection to how it is being processed.
For more advice on helping get your employees ready for GDPR, contact Simon Morgan at The HR Dept.