Does employee data come under the purview of GDPR?
Should companies avoid collecting employee data once GDPR comes into effect? GDPR has an impact on the HR system, which has been enriched with insights from enterprise-wide data analytics.
Whether it is resource allocation, talent management, or HR strategy, everything depends on an understanding drawn from employee data.
As data takes centre stage in all world affairs, it was only appropriate for the EU to come forward with a strong regulation like GDPR to protect user data. The Data Protection Directive of 1995 has been extended in scope to create GDPR. The laws for data collection and processing have become more stringent, and employers should take note of them.
Is Consent Enough?
Employers will need consent to hold an employee's data. However, once GDPR comes into effect, it will shake things up. Employers now have to reword their contracts to tell employees what type of data they will collect and how they are going to process it. GDPR will require employers to remove any ambiguity or uncertainty from their employee contracts.
It is understandable that in the employee-employer relationship, consent is never truly free. GDPR will be able to account for this. GDPR will require employers to present legal grounds to process private employee data. At any point, an employee can withdraw consent, and employers need to have systems in place that allow such flexibility in data management. In this scenario, the good old consent form will not suffice.
Clearing the Old Data
When GDPR takes effect on the HR system, employees must make sure that their database is up to date. Why? Because they will not be allowed to hold employee data that the organization does not require for longer than its intended purpose. It could be the old contact information of employees, sensitive records of past employees, or personal details of temporary staff. Alternatively, it should be stated in their consent form that the company will store their information.
For instance, if the staff is using an HR system that doesn't allow a customer's data to be eliminated, then a new and effective HR system must be brought into the HR department.
Informing About Data Breaches
Cyber attacks and data breaches are among the primary drivers of GDPR's existence. The lawmakers had to make sure that data controllers were taking proper steps to secure user data from hackers. With GDPR coming into effect, businesses are bound by law to inform those affected by any data breach of their databases within 72 hours. If organizations use, store and process an employee's data, then first they must inform.
It is obligatory for HR departments to comply with GDPR while handling employees' data. If the data they are processing is sensitive, it should be encrypted so that it is managed securely. They ought to bring in systems that allow encryption. It would also serve them well to provide similar blanket protection to their emails, which might carry private information about the employees.
GDPR is going to create a safer data environment, but there are high costs involved here. From revamping the systems to ensuring that proper consent is in place, HR departments that are handling data of EU nationals have their work cut out for them. They have to hurry because the May 25 deadline is fast approaching and the fines for not complying can be up to €20 million and jail time.
There will be businesses that won't be compliant with GDPR by May 25th. The question is: how many of them will there be?