· 1 min read · Features

Hot topic: Data protection regulation

Published:

Updated EU data protection regulation may impose restrictions on the use of employee data. This could mean businesses have to pay fines and sanctions of up to 5% of annual turnover if they misuse employee information.

Does this regulation prove using employee data is an intrusion of staff privacy? How can HR strike the balance between making the most of data and protecting employees’ privacy?

Today, Sarah Henchoz, partner at Allen & Overy, gives her view. 

"Privacy matters to employees. How you collect their personal data is of great concern to them.

But how you operate as a business is increasingly dependant on your ability to process such data. Smart use of data (including big data) will impact on recruitment decisions, compensation and benefits, mobility of your workforce and structural growth; ensuring you remain both an employer of choice but also an advanced and profitable organisation.

The proposed new regulations on data protection will impose greater restrictions on how data is processed, but they will also bring great opportunity for HR professionals. Employees will need to give express consent for their data to be processed so you will need to start thinking about how consent has been obtained to date and how you will do it going forward – it will no longer be possible to rely on a signature at the end of a contract.

Have you been clear as to the purposes for which you collect employee data? How will you address future purposes given the speed of innovation? You will need to make sure employees have sufficient information about the intended purposes so that their consent is valid, but at the same time create flexibility for the business to explore new initiatives without having to go back for further consent.

Do you process data across borders, manage it centrally or do you engage with third party processors? All of this will become much more heavily regulated and therefore you will need to reassess existing arrangements and third party agreements to ensure they adequately protect information.

Companies that start planning for this now will not only be in a much stronger position to use the data they collect for strategic purposes, but will also gain their employees’ trust by being transparent about how they plan to protect privacy. This increases staff engagement, making it a win-win for everyone."