One-third of HR professionals admit to a breach
The buzzword this year was GDPR, and HR directors were rushing to make sure their companies became GDPR compliant. Software provider CIPHR has discovered that less than a year after GDPR came into force, HR officials are still not complying with the rules and are leaving their companies open to sizeable financial penalties. Alarmingly, around one-third of HR professionals have admitted breaching GDPR by maintaining personal details about job applicants and staff who have moved on to other companies.
Employers must have a valid reason to gather and process people’s personal data. In most cases, this is for legitimate purposes, for example, gathering job candidates’ contact details for communication. Firms may need to get consent from the person to use the data for a purpose that’s outside the normal business-employee relationship. HR personnel must make sure they have clearly identified the lawful basis for the personal data they are capturing.
GDPR gives employees a lot more control over how their personal details are used. HR professionals should make sure they update their privacy statements outlining the data that’s held as well as how it will be used. It should also clearly explain where those details are stored, how long they will be held and the individuals’ rights. Privacy information must be easily accessible.
Can the data be deleted?
GDPR permits employees to access their personal details if they so wish and, in some cases, to order that their data be removed. HR personnel should ensure they can provide the requested information in an accessible format, and they should also be familiar with how to delete the data.
The burden of personal data and employee issues can be taken out of the hands of businesses and handed over to HR outsourcing services such as https://www.mushroombiz.co.uk/homepage/services/hr/. It lightens the load of a busy company, allowing it to focus on growth and profits.
According to Digiday’s interview with Guardian Media Group chief revenue officer Hamish Nicklin, GDPR will ultimately be good for the industry.
It’s likely that very few firms will have a data breach, but if they do, it’s imperative that HR staff know how to act immediately, and that means having clear guidelines in place should something happen at any time.