The GDPR, coming into force in May 2018, is one of the hottest topics in the business world at the moment. For small and medium businesses (SMEs), understanding the implications of GDPR compliance and how it affects smaller companies can be overwhelming.
From an HR standpoint, recruitment and employing staff requires collecting, storing and using other people’s data, so the GDPR will have big implications for any company that recruits and employs staff. At HROverload, we support and advise companies on their HR obligations and also areas such as data processing and handling when it comes to an employee’s personal data.
This article aims to give you a brief overview of how the GDPR may affect your business and, more specifically, to help you understand what support you might need.
What is GDPR?
The GDPR – or General Data Protection Regulation – is a new regulation brought in to replace the Data Protection Act 1998. Technology has changed enormously since the original act was enforced, so this new regulation aims to bring data protection rules up to date.
While the GDPR is similar to the current legislation, the implications and requirements are much more demanding. You must be able to show that you are accountable and follow strict rules on data processing, as well as understanding that individuals now have much greater rights regarding their data.
How will it affect our business?
As a starter, the GDPR will impact your business in the following areas:
- Direct marketing – when promoting to customers
- IT – cyber security
- HR – when collecting, storing and processing employees’ and candidates’ data
- CRM/Customer Service – when collecting and processing customers’ data
What happens if we don’t comply with GDPR?
If you don’t comply with the regulation, you may be fined. Article 83 of the General Data Protection Regulation provides details of the fines. The first tier of fines is up to €10 million or 2% of annual global turnover of the previous year, whichever is higher. The second is up to €20 million or 4% of annual turnover of the previous year, whichever is higher. Generally speaking, breaches of controller or processor obligations will be fined within the first tier, and breaches of data subjects’ rights and freedoms will result in the higher level of fine.
So, how long do we have?
You must ensure you are compliant by 25 May 2018. You will need to review your current data processes, identify compliance gaps and plan to implement solutions before the GDPR is enforced. All companies should ensure they can uphold individuals’ rights, such as the right to be forgotten and requests for access to their data, and some companies will also need to designate a Data Protection Officer.
Getting help with GDPR HR
At HROverload, we believe that the success of your company is about managing your employees – not worrying about tricky regulation or where to store paperwork. And with GDPR to think about too, we wanted to make sure we had solutions we could offer. We’ve taken the time to become GDPR HR experts and can help with all of the following:
- Audit your data
- Draft a register of your HR data
- Issue privacy notices to employees
- Update contracts
- Introduce (or update) policies
We can help with all of the above, whether you just need a small update or to start from scratch.
In addition, we have partnered with breatheHR, a cloud HR software solution designed to tame the chaos so that you can get out from behind the desk and lead your people. By using this HR software you can keep all your employee data and documents in one place. So, you can dump that rusty old filing cabinet!
Lastly, we also work with expert partners who share our ethos, whether that be a compliance expert, IT/cyber security whizzes or a marketing specialist. So, if you have a question about any area of GDPR, just let me know; I’ll certainly know someone who can help you!
There’s some brilliant information on the ICO website about GDPR and getting ready if you fancy a bit of light (!) reading.
For more information, contact us on 020 8588 9494 for a quick chat about how we can help you get GDPR compliant.