Top 5 Tips To Ensure Your HR Isn’t Exposing Your Company To GDPR Fines

9th July 2019


It has been a year since GDPR was introduced. The HR department is often responsible for a lot of GDPR breaches purely due to the amount of personal data they are handling every day. This makes it very important to ensure that your HR team are aware of GDPR and taking the necessary precautions to stop these breaches from happening.


  1. Implement a data protection policy/privacy standard

Although it has been a year since GDPR was introduced, there are still people who are unaware of it or unsure what it fully means. Before you do anything, you need to ensure your staff are trained in GDPR. This includes any new employees, and the training should be repeated regularly so that all of your employees are absolutely clear on how they need to handle personal data. Effective policies or privacy standards are a crucial way to make employees aware of their data protection responsibilities when handling personal data. Make sure you keep these policies up to date and that all your staff are aware of them.


  2. Update your procedure on retention and destruction of HR documents

Under GDPR you must ensure that you aren’t keeping personal data longer than necessary. Data stored should be limited to a strict minimum, and the data controller should establish time limits for deletion of the records. Organisations must therefore ensure personal data is securely disposed of when it is no longer needed. This also reduces the risk that the data becomes inaccurate, out of date or irrelevant.


  3. Review all recruitment and benefit forms

GDPR also applies when you are recruiting, as you are handling applicants’ personal data. You need to ensure that you are only asking for the necessary information in your recruitment and benefit forms. You also need to consider the data that you are sending to third parties, such as pension providers or external payroll, and ensure that the additional controller-to-processor contractual arrangements required under GDPR are in place.


  4. Sort out your IT systems

Companies should make sure that their IT systems are up to date and secure. Businesses can use Cyber Essentials, a Government scheme that helps protect companies from a range of common cyber-attacks, which can help you avoid the unintentional data leaks that could leave you subject to a GDPR breach fine.


  5. Know how and when to report a data breach

Under GDPR you must report certain types of personal data breaches to the relevant authority. You must do this within 72 hours of becoming aware of the breach. Failure to do so can result in hefty fines. You should ensure you have robust breach detection, investigation and internal reporting procedures in place.


HR - Time for change?

Read our ebook to find out how a new process model can reduce costs associated with payroll management, transform employee engagement and ensure the HR department supports business growth.
