Hot topic: Data security, part two
What is HR’s role in ensuring staff adhere to data protection best practice?
Ardi Kolah, co-programme director – GDPR transition programme at Henley Business School, says:
"Data protection and privacy is a complex and fast-moving area so it’s often difficult for HR professionals to keep on top of the potential risks to their organisations as well as how to avoid them. However, legislation in this area is moving apace.
"All organisations that process personal data of customers, clients, supporters and citizens must comply with the EU General Data Protection Regulation (GDPR) by 25 May 2018, and if it’s on a large scale they must appoint a Data Protection Officer (DPO).
"So what is HR’s role? There’s a big difference between employing a DPO and making sure that the compliance framework is in place to ensure they are able to do their job. HR has a pivotal role in making sure the DPO is heard at the highest level in the organisation. Equally, it’s essential that there is a close working relationship between HR and the DPO as the DPO is responsible for overseeing general awareness training of data risks across an organisation and for ensuring data protection staff receive the proper training.
"Finally, a word of warning. Current figures estimate that there is a shortfall of 25,000 qualified DPOs across the EU."
Lisa Sarjeant, senior HR business partner at Iron Mountain, says:
"HR plays a significant role in ensuring members of staff adhere to data protection best practices.
"If departments are to ensure the safety of their data and help prevent the likelihood of a leak, it is vital they ensure they are part of a company-wide risk strategy and are supported from the C-suite down.
"HR should apprise new employees of their organisation’s information management requirements as part of on-boarding. Special instruction should be given to those hired to work within HR and recruitment, as well as managers. At least half of all data leaks are caused by internal failure to comply with policies, practices, and procedures.
"Employees with the right training pose a reduced risk to their employer; training that HR should be in charge of organising. Alongside this, HR teams need to work in tandem with IT to ensure data is kept on a ‘need-to-know’ basis, providing staff access only to the systems that are vital for their roles."