Employee data management

Under GDPR, all business leaders will have to ensure they:
- Request consent for data and clearly detail how the data will be used
- Offer individuals the right to access their data
- Offer individuals the right to be forgotten – to withdraw their consent and prevent further dissemination of their data
- Notify those concerned of any security breaches

A note on Brexit

GDPR is about protecting the data privacy of EU citizens. This is true regardless of where the business or organisation that holds the data is based. In other words, chances are businesses will need to be GDPR compliant regardless of what happens when the UK withdraws from the EU. According to EUGDPR.org, the UK government has indicated that equivalent legal mechanisms would be put in place, regardless of whether the UK maintains the GDPR post-Brexit. In all scenarios, the wise thing to do is start preparing now.

SMEs respond

This issue will affect businesses and organisations of all sizes. We caught up with Abby Blackmore, head of operations at creative digital and social agency Impero, to find out how she is preparing for the switch.

Why is data protection important for a business’ reputation?

“Data and its protection has changed so much since the old data protection rules were written.

“With the growth of the internet and computers in general, we now have more data than ever at our fingertips. Whilst we can’t fathom doing our jobs without this huge cloud of data, it means we are much more open to data breaches.

“It is important to be on top of your data protection as clients and employees are now much more aware of the importance of their data and its safety and it is a very important responsibility they have trusted us with. I think companies need to show that they have taken that responsibility seriously – fines or no fines.”

How do you keep on top of data protection for employees?

“At Impero we regularly review that our HR software is compliant, and that knowledge of employee data is available only to those who need it.

“Keeping the circle of access tight, and the software top tier, allows us to be sure we are keeping privacy protected.”

How do you ensure that you are compliant with GDPR?

“GDPR feels like a huge beast when you initially look at it, with far-reaching consequences.

“The first step, as with any big looming project, is to break it down into more manageable buckets of work, prioritising them, and just working slowly but surely to a good place.

“Once your initial audit is done, you inevitably find that you are actually already compliant in a lot of areas, and others just need tweaks rather than massive overhauls. Breaking through the stigma and fear of how big this change feels is the first step.”

Want more help with your company’s GDPR compliance? Learn more about how Sage could help with its suite of services.