/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow Us/ciol/media/post_banners/wp-content/uploads/2019/01/Data-Privacy-Day.jpg)
What does privacy mean to us? With so many data breaches we try to do anything and everything to keep our data safe and that in simpler words is what GDPR helps us achieve. GDPR stands for General Data Protection Regulation, developed in the EU and now followed worldwide, this gives citizens more control over their personal data. The aim is to simplify the regulatory environment for businesses so that they can fully benefit from the digital space. It is without a doubt that we can say that our lives revolve around data. From social media companies to banks, retailers, and governments – almost every service we use involves the collection and analysis of our personal data.
Now let’s understand which companies fall into the category of needing a GDPR and how can they establish it in their firm.
Which companies does the GDPR affect?
Any company that stores or processes personal information about EU citizens within EU states, must comply with the GDPR. This applies even if they do not have a business presence within the EU. According to an article in LexCounsel, GDPR has extra-territorial application and applies to the processing of personal data of EU residents even by entities situated outside the EU. Thus, Indian entities who are acting as either a ‘controller’ (i.e. the person who determines the purposes and means of the processing of data) or a ‘processor’ (i.e. the person who processes the personal data on behalf of the controller), of personal data of persons of EU, about the offering of goods or services to such persons or monitoring their behaviour in so far as it takes place within EU, become subject to GDPR.
Specific criteria for companies required to comply are:
• A presence in an EU country.
• No presence in the EU, but it processes personal data of European residents.
• More than 250 employees.
• Fewer than 250 employees but its data-processing impacts the rights and freedoms of data; is not occasional or includes certain types of sensitive personal data.
What HR needs to do to comply with GDPR?
The GDPR introduces a considerable number of new information and regulations, so HR departments will need to dedicate time and resources to cover each new compliance area. Some of the most important tasks HR must address are:
Privacy policies
Not only does HR need to uphold new rights for employees, but they must also formalize and clearly spell out these rights for employees under the GDPR’s strengthened transparency and accountability requirements. HR will have to review and update its privacy policies to communicate these rights.
Processes
As a result of the GDPR, HR will need to review and update many of its current processes. For example, HR must only gather data that is relevant. This means HR will need to rethink any process that involves requesting personal data from employees, such as onboarding and transfers.
Security
With the stakes high for noncompliance, security must be managed. One step HR should take is to make sure the right employees have the right level of access when it comes to viewing employee data. Only those roles who truly need employee data should be able to access it.
Employee file management
The GDPR will result in new employee files that HR must have employees sign or acknowledge. On top of new documents, the GDPR places greater importance on timely document deletion since a company can be fined for holding onto data it doesn’t need. HR will need to review its current retention policies along with its process for managing document expiration dates.
Lastly, GDPR brings in various benefits that will impress your current employees and new hires. This is because they know that the data that they provide is safe in the hands of the company. As a company, it also would help you stand out in a crowd. It would show your customers and investors that you value them and are tech-savvy.