Guest Blog by Shakira Joyner of HCHR
If you run a small business, you should by now have reviewed your data protection in line with the GDPR, which came into effect on 25 May 2018. However, it is not enough just to have the right processes and procedures in place. If your employees do not understand their roles and responsibilities under the GDPR, you are setting yourself up to fail. The team at HCHR has put together the following GDPR guidance for employees, to help ensure your business is not at risk of breaching the rules.
Data protection may not appear in every job title, but that does not mean that each and every employee has no responsibility for it. The roles of your legal, IT and HR departments are the obvious ones when it comes to data protection, but it is not those departments who will be picking up the phone to speak to customers, working in your CRM system, or designing your next marketing campaign. Make sure that each member of staff is aware of their specific role in keeping customer data secure.
Handling Personal Data
You must ensure that your staff are following the data security procedures you have put in place to safeguard the personal data you hold on customers, suppliers, partners, contractors and employees. For example, make sure they understand your rules for using portable devices such as laptops and mobile phones outside the office or when working remotely, your rules on the use of personal devices for work, how to keep data secure and confidential, and how to report a data security breach.
Handling Data Breaches
A central aim of the GDPR is to prevent personal data breaches, but if the worst happens, your employees must know what to do. Be clear about who their first point of contact should be, and make sure they understand that under the Regulation a breach that is likely to pose a risk to individuals must be reported to the ICO without undue delay and within 72 hours of your becoming aware of it, so delay is not an option: the clock starts when any member of staff discovers the breach, not when it reaches the person responsible for reporting it.
Data protection is something we all hear about from time to time at work and in the media, but unless you have been personally affected by a breach, or you work in the field of data protection, it is easy to be fairly blasé about it. Make sure your employees really understand the consequences of a data breach under the Regulation. The maximum fine for non-compliance is €20m or 4% of global annual turnover, whichever is higher, which could be the end of a small business. It is unlikely that the regulator will penalise a small business at these levels, but there are also very serious consequences in terms of reputation and customer trust that can be hugely difficult to overcome.
Using Employee Data
As an employer, you hold personal data about your employees. Make sure they understand how you are going to use their data, how and for how long it will be stored, and how they can raise any objections they may have to the way their data is being processed.
GDPR Guidance for Employees
If all of this makes you feel uncomfortable and you are not convinced that you have the correct policies and procedures in place, or if you are not confident that your employees understand the risks of getting these rules wrong, then give us a call.
At HCHR we offer small businesses a range of options when it comes to GDPR training and support.