In My View: GDPR panic over?
Published 00:00 on 21 Jun 2018
No doubt you breathed a sigh of relief when you got things done in time. If you didn't, don't panic, as it's highly unlikely that you'll be pursued by the Information Commissioner if you can show that you're actively engaging with the new regime. Many businesses are taking the approach that GDPR is 'work in progress', which was always going to extend beyond the deadline.
The lead-up to GDPR has been hectic and we all had to prioritise what to tackle first. Most of us tailored our GDPR planning to the key areas of risk we face, where enforcement action is more likely in the event of a data breach.
As a result, HR and employee data has been low priority for many businesses, but it's important to recognise that, as with customer data, the way we collect and process employee information will change.
We need to think about how we use personal and sensitive staff data and, probably, tighten up our data security procedures.
In recruitment, if we use automatic profiling to filter CVs, we need to notify candidates and, if they object, use an alternative method with some human intervention.
Consent clauses in employment contracts will be invalid, so we need to establish another legal basis for processing data, which may vary for different categories of data and the reasons for processing it.
It's essential that we know how to deal with requests for information from employees or ex-employees, how to identify a formal Subject Access Request, and what to do with it. Timescales and information requirements have changed along with the abolition of SAR fees. Coupled with the abolition of employment tribunal fees, we could see an increase in SARs as they're often used by aggrieved individuals to gather information prior to litigation.
There are still grey areas in the GDPR which will, over time, be interpreted by the Courts when legal challenges are made. It's likely that as our understanding of the legislation evolves, so too will our processes.
In my view, if we take a sensible, systematic approach to data protection across all parts of our business, involve our employees and ensure new systems become part of the way we do things, then we can't go far wrong.
CCCI members' meetings and events give businesses the chance to talk about issues that are important to them. Meeting other business people and getting to know them in a relaxed and supportive atmosphere provides members with their own informal support network – as well as the opportunity to develop good business relationships.
Dianne Lambdin, Director of Chichester Chamber of Commerce & Industry and The Sussex HR Hub
Office Chichester Chamber - Thursday, June 21, 2018
Last updated 13:42 on 11 May 2022