<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=127469634355496&amp;ev=PageView&amp;noscript=1">
Let's Talk

Let's Talk

"Nobody has all the answers" and more real talk about GDPR
Blog Feature Subscribe
Robin Sendrow

By: Robin Sendrow on March 9th, 2018

Print/Save as PDF

"Nobody has all the answers" and more real talk about GDPR

Compliance and Security

Est. Read Time: 3 min.

With the upcoming General Data Protection Regulation (GDPR) going into effect in late May, I was curious to learn from the experts at the International Privacy + Security Forum in Washington D.C. As expected, there was a lot of talk about the GDPR and three themes were common throughout the conference:

 

No one has all the answers

The most common theme was that while the GDPR is very detailed, there are some open questions that won’t be resolved before May 25.

In order for HR to prepare for the sections of the GDPR that are less clear, the experts recommended clearly documenting each decision relating to personal data (and the Article it relates to) as you come into compliance. In addition, they suggested incorporating ongoing employee data management procedures to ensure that documentation is regularly updated. This way, if a question comes up from regulators later on, you will be able to explain the rationale behind data decisions over time.

 

The GDPR is spreading

Blog Image_ International Privacy ConferenceParts of the regulation are being adopted by nations throughout the world. That said, even if a non-EU country incorporates the entire GDPR into their data protection policies, employers shouldn’t rely on a blanket application of the regulation to become internationally compliant as legal and cultural interpretations will vary.

While there is no perfect strategy, some employers are applying the GDPR as a baseline employee data management standard and adopting other national policies in certain locations as necessary. This allows businesses to efficiently process HR data, while allowing the flexibility to incorporate key national regulations. When deciding whether to incorporate separate national policies into employee data management practices look at the risk of non-compliance, the sensitivity of the data and the number of employees based in each location.

 

House your data in one place

One big surprise for legal experts? Not even the best IT teams know where all their company’s data is housed. An often-told story was discovering unexpected data sets with privacy ramifications. The only way employers were able to get an accurate picture was to meet with individuals and teams across the entire organization.

What can an employer do in the long term to better manage employee data? Centralize and maintain everything in one place. Keeping your data in one place will improve your team’s ability to comply with record retention regulations and make it much easier to secure personal data. In cases where centralization isn't possible, ensure that exceptions are clearly documented and readily available.

The privacy experts all expect the GDPR will continue to be a hot topic for international businesses in the next year. Make sure you're ready by understanding the implications for HR.  

If you’re struggling to manage your HR data, PeopleDoc has a great document management solution for all your HR records:

You May Also Be Interested In:

Why HR should care about accessible technology

In honor of Global Accessibility Awareness Day we’re explaining what accessibility means and why businesses and their HR leaders should pay attention to it. As the world becomes increasingly digital, you’ll surely encounter the need to evaluate new workplace software or tools. For HR especially, considering whether new technology is accessible can make a world of difference for the employee experience. Here’s a brief overview of what you need to know about accessibility:  

Read More

How NCR stays on top of managing employee record retention guidelines

With 30,000 employees located across all 7 continents, Dana LaBarnes, Senior Director of Global HR Shared Services at NCR, has his work cut out for him. Consider how many different employee record retention guidelines his team must manage—and the fines associated with letting just one document slip through the cracks. It’s a risk NCR (nor any company) can afford to take. To stay on top of the various document retention schedules for his geographically diverse employee population, Dana needed to find a digital solution. In this video, he explains how he made his decision:  

Read More

Be ready for the exit: The HR implications of Brexit

In 2016 the people of the United Kingdom voted to no longer be a part of the European Union. After Brexit, new legislation will come into effect. Even if conditions and the date of the exit are still under negotiation and preparation, and the details still unclear, we already know that it will be very impactful for all areas of life in the UK and the EU, including implications for international businesses and their HR departments.

Read More

What is the CCPA and what does HR need to know?

The California Consumer Privacy Act (CCPA), intended to protect the privacy of California residents, is having a ripple effect across the United States. Originally designed to give California consumers new rights, the definition of “consumer” in the Act is so broad that your workforce data may also be affected. If you're an employer who may be impacted by the CCPA, here are 5 actions you can consider before the new privacy law goes into effect on January 1, 2020.

Read More

About Robin Sendrow

Robin is the HR Compliance Assist Manager at PeopleDoc. She joined the team to help customers remain in compliance globally and easily navigate foreign rules and regulations through HR Compliance Assist. Previously, Robin managed client HR communications and provided outsourced HR support. She has a Masters in Psychological Counseling from Teachers College, Columbia University.