Useful GDPR summary aimed at smaller businesses
- Author: Gillian Markland
If you are responsible for HR in your organisation, you will hopefully have locked onto the fact that new data protection rules (GDPR), coming into force on 25 May, have an impact on how you store and use employee and other personal data.
There is a lot of ‘guidance’ out there, much of it aimed at larger organisations with dedicated resource to look at GDPR. However, for owners and managers of smaller organisations, where personal responsibilities often span more than just HR, trying to understand what it all means in practice and what aspects to prioritise can be difficult.
The European Commission has recognised this is an issue and has recently produced an online summary aimed specifically at smaller businesses, which is probably one of the more useful ones we’ve seen recently. You can scan it quickly and easily; the link is provided below.
Although this and other summary guidance looks at data protection across all functions within an organisation, you can use it to identify what aspects are particularly important from an HR perspective. Key issues include finding out what employee data is held in other parts of your organisation, updating policies on the handling of personal data, training (particularly for line managers) to raise awareness of the need for data protection and ensuring suppliers like external payroll services will also be GDPR compliant.
The European Commission says it will be issuing some more detailed guidance on specific issues including, for example, data breaches (think Morrisons and the leaking of employee data). If and when this does come through, it will form the subject of future blogs.
European Commission online summary aimed at smaller businesses: