The General Data Protection Regulation
The General Data Protection Regulation (2016/679 EU) (GDPR) is the new legislation for collecting and processing personal data in the EU. It comes into effect on May 25th 2018.
Although the GDPR requires that personal data be processed according to many of the same principles as under the current Data Protection Act 1998, it has some new requirements regarding:
- the use of consent as a justification for processing data;
- the demonstration of compliance through the documentation of data processing activities;
- the adoption of organisational measures for data protection, such as policies and practices; and
- the provision of more information to employees and job applicants on the purpose and legal grounds for collecting their data, and their rights in relation to their personal data.
Employers should also be aware that a breach of the GDPR can, in some circumstances, lead to a maximum fine of €20 million or 4% of an undertaking's worldwide annual turnover, whichever is higher.
How cloud HR software can help with the GDPR
HR Online can make the compliance process a lot easier. For example, any employee subject access requests can be complied with more quickly and within the new timescales set out in the GDPR. Locating information in paper records is much more time-consuming.
HR Online has secure role-based password access, so you can control the type of information individuals can view; this is one of the GDPR’s requirements.
HR Online will give you a full audit trail of any alterations made to personnel records, such as who made them and the reason.
HR Online allows you to assign retention periods for the storage of various types of documentation, such as sickness and disciplinary documents, and HR personnel will automatically be alerted to review or delete the electronic files. Another requirement of the GDPR is that data subjects have a ‘right to be forgotten’, which means that it should be possible to easily delete personal data upon request.
HR Online has a ‘Self Service’ module which allows employees to access and update certain categories of their own personal information.
HR Online has successfully undergone penetration testing (pen testing) to evaluate the security of the system.
Storing HR records and the GDPR
The GDPR will require you to carry out a data audit to evaluate the personal information you are holding and the format it is in. You’ll need to check what you need to keep for past employees and make sure that you only retain what is absolutely necessary. This will also include planning how you will store this information as well as how you will confidentially destroy the rest.
All this is so much easier when using HR cloud software. If you still have paper records, you can have them scanned and uploaded to HR Online. It goes without saying that HR material is sensitive and highly confidential and needs handling with care.
With the new requirements of the GDPR also to consider, the argument for storing HR records electronically has never been stronger.
For further information on HR Online and how it can help with GDPR compliance, please call us on 0800 840 3336.