With the upcoming General Data Protection Regulation (GDPR) going into effect in late May, I was curious to learn from the experts at the International Privacy + Security Forum in Washington D.C. As expected, there was a lot of talk about the GDPR and three themes were common throughout the conference:
No one has all the answers
The most common theme was that while the GDPR is very detailed, there are some open questions that won’t be resolved before May 25.
In order for HR to prepare for the sections of the GDPR that are less clear, the experts recommended clearly documenting each decision relating to personal data (and the Article it relates to) as you come into compliance. In addition, they suggested incorporating ongoing employee data management procedures to ensure that documentation is regularly updated. This way, if a question comes up from regulators later on, you will be able to explain the rationale behind data decisions over time.
The GDPR is spreading
Parts of the regulation are being adopted by nations throughout the world. That said, even if a non-EU country incorporates the entire GDPR into its data protection policies, employers shouldn’t rely on a blanket application of the regulation to become internationally compliant, as legal and cultural interpretations will vary.
While there is no perfect strategy, some employers are applying the GDPR as a baseline employee data management standard and adopting other national policies in certain locations as necessary. This allows businesses to efficiently process HR data, while allowing the flexibility to incorporate key national regulations. When deciding whether to incorporate separate national policies into employee data management practices, look at the risk of non-compliance, the sensitivity of the data and the number of employees based in each location.
House your data in one place
One big surprise for legal experts? Not even the best IT teams know where all their company’s data is housed. An often-told story was discovering unexpected data sets with privacy ramifications. The only way employers were able to get an accurate picture was to meet with individuals and teams across the entire organization.
What can an employer do in the long term to better manage employee data? Centralize and maintain everything in one place. Keeping your data in one place will improve your team’s ability to comply with record retention regulations and make it much easier to secure personal data. In cases where centralization isn't possible, ensure that exceptions are clearly documented and readily available.
Robin is the HR Compliance Assist Manager at PeopleDoc. She joined the team to help customers remain in compliance globally and easily navigate foreign rules and regulations through HR Compliance Assist.
Previously, Robin managed client HR communications and provided outsourced HR support. She has a Masters in Psychological Counseling from Teachers College, Columbia University.