By Stuart Evans
The General Data Protection Regulation (GDPR), which came into force at the end of May, contains significant changes to the European Union’s data protection policies. We last saw such significant changes in 1996 under the Data Protection Act, which was introduced four years after the public gained widespread access to the first stages of the world wide web. GDPR is introducing some big changes and it’s going to affect key customer interaction areas such as HR. So, what do you need to know, and how is this going to affect your business?
HR is important. It offers critical facilities to customers and potential employees, from recruitment to performance management, compensation issues, health and safety, benefits, motivation, satisfaction and so on. A good HR team can lift a business above its competitors in the eyes of its customers, which, in the long run, will lead to far more success.
It is important to note that HR departments collect a significant amount of data simply by interacting with your consumer base. For example, contact details, age, gender and address are all usually required just to enable warranty schemes on products. As such, GDPR is a very significant consideration for HR departments and businesses in general.
GDPR affects the data you can collect from individuals, how you can store and use it and what consent is required for its use. A far greater level of transparency is required under GDPR as the data controller (that is you, as a business) is required to inform customers and employees of all the ways in which their data is used. GDPR requires consent for every use and, should you want to use their information in a way previously unspecified, new consent is required.
In addition to this, GDPR requires the creation of a new security position within your business known as the Data Protection Officer, or DPO. The DPO is required to be knowledgeable in legal, technological and data security aspects and their role is to essentially understand, advise on and authorise your business’ handling of data through GDPR.
As such, with GDPR now in force, you will need to look into introducing this new role, if you haven’t already, and your HR department will need to liaise closely with your new DPO, as HR is the part of your business that handles the most sensitive consumer and employee data.
What Does This Mean for Your Business?
Introducing a new role like the DPO means a restructuring of departments where necessary and the recruitment and introduction of new paid employees where it previously may not have been required.
GDPR requires a significantly higher level of transparency on what customer data you are using and why, but it also provides opportunities for your business and HR. Added transparency is good publicity if you can demonstrate you’re taking a serious and effective approach to GDPR and the security of customers’ data.
As a business owner, it is important that you consider GDPR and the effects it’s having on all areas of your company properly. Research is key; if you’re unsure of how to move forward, there are plenty of resources you can employ. But, if you’re not GDPR compliant, it is now more important than ever to become compliant as soon as possible, lest you find yourself facing significant fines and consumer backlash.