Preparing for GDPR: 10 Top Tips for Employers

19 Feb 2018

The General Data Protection Regulation (GDPR) is coming, but a recent survey suggests that fewer than 50% of businesses are familiar with it. Our advice is that all businesses need to take action now, because doing nothing may land your business with a fine of as much as €20 million or 4% of your annual turnover.

What is GDPR?

GDPR comes into effect on May 25th 2018 across the European Union and replaces the UK Data Protection Act. It brings in a strict set of new rules concerning privacy and data security, while imposing penalties on businesses which violate them.

Who does GDPR affect?

GDPR affects anyone holding data on EU citizens, including employers and business owners of any size. This is because they are likely to control personal data – or at least process it on someone else’s behalf – such as employee personal details, performance reports and attendance records. GDPR applies to all EU organisations and to any organisation outside the EU which processes personal data on an EU national.

What about Brexit?

It is likely the UK will still be a European Union member state on 25th May 2018, so the regulations will apply until we leave the EU. Once we leave, it is expected that the UK will either adopt GDPR in its entirety or adopt national legislation which is similar to GDPR.

GDPR Infographic

GDPR: Top 10 Tips for Employers

Here are our expert’s top tips for ensuring your business complies with the new regulations:
  1. Make sure people in your business know that the law is changing.
  2. Create a register of the personal information you hold, where it came from, and who you share it with.
  3. Review the current privacy notices for the data you store and prepare to change them for GDPR.
  4. Get consent to store, manage, maintain and use personal data or consider what other rights you may have to process personal data.
  5. Check that you can honour the rights of individuals. If someone asks for their data, you should be able to give them it in a secure, standard format.
  6. If someone asks you to remove their data, make sure you can prove you’ve done so.
  7. Put in place a process for handling requests for any of the data you hold, including how quickly you will respond, how you will provide it, and how you will assure requesters that they own it.
  8. Decide if you need a system for identifying the age of individuals and whether you need parent or guardian consent.
  9. Have an emergency plan in case you lose data or someone steals it.
  10. Nominate a responsible person to be your Data Protection Officer or representative, as applicable.

What are the main changes of GDPR?

GDPR will replace the current legislation under the UK Data Protection Act. The new legislation is coming in because digital technology has moved forward far more rapidly than the law, so in effect GDPR is necessary to help the law catch up with the rapidly evolving digital environment. One of the biggest differences between the current legislation and GDPR is that people will gain much more control over their personal data.

The new rights of the people your business holds data on are:
  • The right to be informed: Where you state in your privacy notice how you process information fairly.
  • The right of access: Data subjects can get access to, and a copy of, their data and find out how you are using it.
  • The right to rectification: People can ask you to update any inaccurate or incomplete data.
  • The right to erasure: Commonly called ‘the right to be forgotten’. People can ask you to delete or remove their personal data.
  • The right to restrict processing: Where you are allowed to store but not process personal data.
  • The right to data portability: Allows people to get some of their data from you for their personal use.
  • The right to object: People can opt out of you profiling them based on their data, direct marketing to them, or using their data for research.
  • Rights in relation to automated decision making and profiling: Protection against mistakes or decisions where humans are not involved in data processing.
Watch out for our expert’s comprehensive GDPR White Paper, which will be published on the Croner Free Downloads shortly.
