The General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR): plenty of people are talking about it, others are thinking about it, and the rest are blissfully unaware that it is fast approaching. Do we really understand how it is going to affect HR and the sensitive data we all hold on our employees? Over the coming weeks we will be sending out a series of blogs, with the aim of stimulating debate and helping us all understand how we are going to be impacted.
As a business that specialises in providing HR and payroll related services, information security and data protection are of the utmost importance to us. Many of the changes and new data protection requirements in the GDPR are similar to, or an extension of, the scope of ISO27001. Symatrix has been ISO27001 accredited for four years and adheres closely to the Data Protection Act 1998, so our first step was to identify the areas that we would need to change.
Each week we will talk about the most relevant of the 12 steps that the Information Commissioner’s Office (ICO) says we should be taking. These cover:
- Awareness
- Information you hold
- Communicating privacy information
- Individuals’ rights
- Subject access requests
- Lawful basis for processing
- Consent
- Children
- Data breaches
- Data protection by design and Data Protection Impact Assessments
- Data Protection officers
- International
Firstly, awareness. We suggest you start by understanding the current level of awareness of the GDPR at the top table. Senior management need to ensure that all areas within the organisation are aware of the changes, that appropriate steps are taken to ensure the legislation-backed regulation is adhered to, and that the rights of individuals are upheld. HR departments, as the hub of people related activities, have a key role to play in delivering a successful transition to the GDPR.
Additionally, all organisations should strongly consider appointing a Data Protection Officer. This person must have the appropriate expertise to ensure the business is well advised and implements appropriate processes and controls to adhere to the GDPR. This will require a “ramp up” of awareness of the new regulations and ongoing training.
Each week we will give you a tip that will help with the journey to GDPR compliance.