HR Data Policies & the GDPR
As the changes to Data Protection law are fast approaching, with the General Data Protection Regulation (GDPR) coming into force on 25 May 2018, our Employment Team have been assisting a number of companies in ensuring that their HR policies and procedures are GDPR compliant.
The GDPR will introduce a few dramatic changes from an employment law perspective, including how an employer should process data subject access requests, how personal data should be handled through the recruitment process, as well as an employer’s lawful basis for processing employee personal data.
It is prudent to take note of these changes for a number of reasons, including the new severe penalties for non-compliance. Under the GDPR, the ICO will have the ability to issue fines capped at €20 million or 4% of a company’s global turnover (whichever is the higher). This is a considerable increase from the current regime, where fines for data protection breaches are capped at £500,000.
Employers should be mindful of this and ensure that their HR data protection policies and procedures are GDPR compliant to best safeguard against a potential breach, or any breach committed by an employee for which the employer may be vicariously liable.
If you would like more information on the GDPR for HR, any training on how this will impact your HR processes or any HR documentation that you will need to update to ensure you are GDPR compliant, please contact Millie Kempley, or give us a call on 0345 070 6000.