On May 25, 2018, the GDPR will come into effect. The HR department is the one that will be affected the most. The question is: how will employers cope with this change? To stay compliant with the law, they have to review their marketing processes and make changes accordingly.
But what is GDPR?
GDPR makes it mandatory for companies to inform their European customers about when and where their data is being used. This brings complete transparency when data is exported. Customers can request deletion of their data at any time, and companies must comply.
What if your employees want to see the data you hold about them? Will you be able to provide it? You might have their payroll information, but what about their interview responses, claims, etc.? You have probably stored their information in folders or on the desktop. Doing a data audit is a good idea for staying compliant with GDPR. This audit will ensure that all your documentation is in place. HR managers must handle data in an organized manner from the very beginning, starting when a candidate is hired.
Let us discuss five areas where HR managers need to work to stay GDPR compliant.
1) Recruitment
This is a major area that takes up most of recruiters' effort. They collect a lot of personal information about candidates through application forms, resumes, portfolios, etc. Make sure you inform candidates where their information is being used. If you are taking help from employment agencies, it is your responsibility to ensure that they follow data privacy standards.
2) Saving data
Do not save data if it is unnecessary. It is legal to keep data only for as long as it is required.
3) Background check
There are specific circumstances under which background checks can take place. According to the Data Protection Bill, employers are authorized to conduct criminal checks.
4) Dealing with third parties
Make all third-party contracts compliant with GDPR. This includes IT, supply chain and other service providers.
5) Notify breach
Cyber-attacks and hacking are on the rise. If there is a breach, you must notify the authorities within 72 hours of the breach.
Employers are advised to assess their HR practices and close the loopholes to follow GDPR guidelines. Only a few days are left before the law comes into force, so adequate measures should be taken to prepare for it.