The General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR). Plenty of people are talking about it, others are thinking about it, and the rest are in peaceful oblivion to the fact that it is fast approaching. Do we really understand how it is going to affect HR and the sensitive data we all hold on our employees? Over the coming weeks we will be sending out a series of blog posts in the hope that they stimulate debate and help us all understand how we are going to be impacted.

As a business that specialises in providing HR and payroll related services, Information Security and Data Protection are of utmost importance to us. Many of the changes and new data protection requirements in GDPR are similar to, or an extension of, the scope of ISO27001. Symatrix has been ISO27001 accredited for four years and adheres closely to the Data Protection Act 1998, so our first step was to identify the areas that we would need to change.

Each week we will talk about the most relevant of the 12 steps that the Information Commissioner’s Office (ICO) is saying that we should be taking. These cover:

  1. Awareness
  2. Information you hold
  3. Communicating privacy information
  4. Individuals’ rights
  5. Subject access requests
  6. Lawful basis for processing
  7. Consent
  8. Children
  9. Data breaches
  10. Data protection by design and Data Protection Impact Assessments
  11. Data Protection officers
  12. International

Firstly, awareness. We suggest that you start by understanding the current level of awareness around GDPR at the top table. Senior management need to ensure that all areas within the organisation are aware of the changes, that appropriate steps are taken to ensure the legislation-backed regulation is adhered to, and that the rights of individuals are upheld. HR departments, as the hub of people related activities, have a key role to play in delivering a successful transition to the GDPR.

Additionally, all organisations should strongly consider appointing a Data Protection Officer and this person must have appropriate expertise to ensure the business is well advised and implements appropriate processes and controls to adhere to the GDPR. This will require the “ramp up” of awareness of the new regulations and ongoing training.

Each week we will give you a tip that will help with the journey to GDPR compliance.

About the author

Ben Crick
