With just two weeks to go before the new General Data Protection Regulation (GDPR) comes into force, XpertHR says there is still time for companies to comply and is offering HR professionals practical advice that will enable them to take the lead and help their organisations prepare.
The new Regulation – which will come into force on 25th May 2018 – replaces the Data Protection Act 1998 in the UK and marks the start of a radical new data protection landscape, with significant penalties for non-compliance.
XpertHR says HR teams have an opportunity to showcase their expertise in data issues, leading by example with personnel data and then helping the business deal with customer data handling.
Jo Stubbs, head of content at XpertHR, said: “The clock is ticking to the introduction of the new GDPR. However, businesses that haven’t yet started their compliance journey shouldn’t panic. There is still time to start the process, and employers should focus on the most important elements first.
“The GDPR is an opportunity for organisations to embed a cultural change. By championing privacy ‘by design and default’, HR can seize the positive aspects of the new Regulation.”
Five ways HR can lead the way:
- HR teams are used to handling data and data requests – they can help the business identify any issues, help solve existing problems and anticipate any that may arise later.
- Robust policies are HR’s domain – HR teams are used to writing policies to secure workplace compliance and can use their knowledge and experience to draft GDPR-compliant policies.
- HR can bring their risk management expertise to the fore. They are at the forefront of dealing with the risks created by employees and the use of data. It will be vitally important for them to document clearly that the business has complied with its GDPR obligations to mitigate any risk of fines.
- HR can use their understanding of the organisation to help the teams most impacted by new ways of working to avoid or minimise risk connected to the GDPR.
- HR can provide training to employees to give them the requisite skills and capabilities to operate effectively in a GDPR-compliant environment, ensuring they understand their obligations and the consequences of falling short.
XpertHR offers up to date guidance on the GDPR, including GDPR-compliant model policies and documents. Key resources include How to conduct an audit of HR personal data for the General Data Protection Regulation (GDPR) and three one-hour webinars with expert advice from employment lawyers on different aspects of the GDPR: Get ready for the GDPR, Processing without consent and Data retention under the GDPR.