What is This Buzz About GDPR?

Come May 25, 2018; the European Union will launch the General Data Protection Regulation (GDPR) law. It contains a set of new rules which apply to any business which deals with the data of European citizens. Adhering to this law is mandatory. Thus, your company must comply with the requirements.

With the introduction of this law, the human resource department will have to deal with a huge impact. As an HR manager, what steps do you need to take to become GDPR compliant?

But let us first understand what GDPR is.

GDPR is a replacement for the current Data Protection Directive. This law is designed to provide data privacy rights to European citizens. As per the new standards, companies need to be transparent while handling European citizens' personal data.

How can we classify personal data?

Personal information includes name, email address, photos, phone number, bank details, medical information, etc.

If you do not follow the set standards, you can be fined up to reaching up to €20 million or 4% of global turnover. Now, the responsibility falls on HR managers, their organizations, and recruitment agencies to conduct a detailed analysis of candidate/staff data they possess and identify issues that are against GDPR compliance.

Here are some facts about this law which you need to know and adopt:

1)    Consent and Intimation

Be it your current staff or potential candidates; they must give you data out of their willingness. They can also withdraw their consent. Thus, you must keep data in a consistent format so that you can edit it quickly.

Also, you must share with them when and where their data is being shared with the third party. They have the right to request to delete information if required, and you must accept it.

2)    Notify Data Breach

One of the main reasons for implementing GDPR is many cyber-attacks and hacking issues coming up. Companies are not taking immediate action to protect themselves from such a situation. To deal with this, GDPR requires businesses to notify breaches within 72 hours.

3)    Do Not Save Data

GDPR enforces organizations to keep data only till the time it is required. Change your system if it does not allow you to permanently delete the information when not required.

4)    Encrypt Data

Handle all sensitive data carefully. You can protect the same by encrypting it. Apart from the data you save, you can also add encryption to your emails. Strong authentication is another method of adding protection to data.

Time is running out. May 25 is around the corner when GDPR will come into effect. If you haven’t changed your practices yet, take action right away to adhere to the guidelines of this law.