Humanity is going digital. With much of our lives revolving around interactions with the online world, be it shopping, information search or simply social connection, we leave trails of personal data almost everywhere. Apply the same scenario to organizations, especially those employing large teams and workforces, and we get some serious numbers on the personal information that Human Resource Managers have to handle.
The General Data Protection Regulation, better known as GDPR, introduced in 2018 by the European Commission, is set to keep European citizens protected in the digital age.
What does it mean for the Human Resource Managers across the globe who handle sensitive organizational information every day?
Here is all you need to know about GDPR’s Effect on HRMs around the Globe.
GDPR in a Nutshell
What started out in 2012 as a plan to reform the data protection norms in the European Union was made into law by the Commission in May of 2018. A framework of guidelines was released for online businesses and users. Some key points of the GDPR guidelines are:
- Legitimate, fair and transparent processing of the collected data by the organizations
- Organizations must use the data within the scope of the declared purpose and not beyond that without the user's consent
- The user has the right to withdraw his/her consent at any given time, and the organization must document the consent given or revoked at any time
- In case of a data breach, the organization is obliged to inform the Data Subject and the Regulator within 72 hours of identifying the breach
- Companies are liable to protect the collected data from subjects via organizational and technical mechanisms
- Every organization must assign a Data Protection Officer
How will HRMs be affected?
The Nature of ‘Consent’ has changed
While protecting employee and recruitment candidate data has been in practice for a long time, the GDPR guidelines state that the consent to store and process the staff/employee data will have to be categorized as Specific, Informed or Unambiguous. That means HRMs will have to change the wording of the organization's privacy policies and add a compliance process for the same.
The Duration for Saving the Data
GDPR guidelines have clearly laid out the duration for which a particular type of organizational data can be stored. In simpler words, the data can be stored for as long as the purpose is being fulfilled. For example, if you have temporary staff or employees, your HRMs must save their data in the 'Temporary' archive so that it can be disposed of carefully once an employee ceases to be a part of the organization.
Usage as per intended purpose
Human Resource Managers will have to ensure that the collected data is used by the organization only for the intended purpose communicated to the employees. That means if you collected an employee's CV to 'Recruit,' it cannot be used in any other way.
Similarly, to map the ex-employees of a company, organizations will have to work their way up to get their consent in case their data has to be used! For this to be enforced, HRMs will have to draft a 'Declaration' of employee data usage to make employees aware.
Background Criminal Record Checks
This one might surprise you, but as per the 2018 release of the GDPR guidelines, employers will not be able to conduct routine background criminal checks on employees under the standard Disclosure and Barring Service (DBS). HRMs must keep this point in mind to avoid any unlawful action on the part of the company.
Encryption of HR Data and Records
The focus of GDPR is to protect users from breaches of privacy through misuse of their data. Thus, the need to encrypt all HR records goes without saying. A noteworthy point, though, is that not only must employee records be encrypted, but communications via email or any other mode of information transmission between an employee and the organization must be encrypted as well.
If your company does business at an international level without being situated in the EU, you might still have to comply with the GDPR. The reason is that all the major platforms will update their data protection policies and will demand that clients/partners across the globe change their systems accordingly.
Update your HR process today to comply with the GDPR Guidelines!