What Is The General Data Protection Regulation EU?
The General Data Protection Regulation (GDPR) is European legislation which, despite Brexit, will still come into force in the UK, the latest date for compliance being 25 May 2018. It will apply to all businesses which process personal data, i.e. data relating to individuals. This means that it will apply to the use of employee data in HR, IT and the wider business, as well as to data on suppliers or customers who may be individuals, sole traders or partnerships. The Information Commissioner’s Office (ICO) will be the government body whose role it will be both to assist businesses to comply and to monitor and enforce compliance through the use of fines.
Implications For Businesses And Organisations Employing People
The General Data Protection Regulation promotes accountability and governance and makes the obligations of companies more explicit than they were under the Data Protection Act (DPA). Companies will be expected to put in place appropriate but proportionate measures, and some best practice principles will become legal requirements. There are a number of measures that must now be taken:
- Companies will now be required to demonstrate that they comply with the various principles
- Relevant documentation of processing activity must be created, maintained and retained
- The GDPR will introduce a duty on all organisations to report certain types of data breach to the relevant supervisory authority, and in some cases to the individuals affected
- The GDPR imposes restrictions on the transfer of personal data outside the European Union, to third parties or international organisations
Making Your HR GDPR Compliant
In order to comply with the GDPR, organisations need to undertake a number of detailed steps which, when implemented correctly, will lead to compliance. To help your HR function achieve compliance we have created a step-by-step guide to help you through this process. Please click on the link below or call us on 01438 747747. Thank you.