A recent webinar on the GDPR (General Data Protection Regulation), run by PeopleDoc and international law firm Morgan Lewis, attracted plenty of delegates. Given the publicity around GDPR that’s hardly surprising; after all, it’s due to be implemented in May next year. But the fact that over 350 people signed up so quickly suggests to me that this is an issue which remains high up on the agenda for many HR professionals (and if you’d like to know more you can still view The GDPR: What HR needs to know webinar).
Prepare for GDPR
Staying on top of international laws and legislative requirements is a daunting enough task at the best of times, especially for those organisations operating in different countries and regions. The GDPR is just another of many, but naturally has serious implications for anyone with EU-based staff. And Brexit won’t help. Although it will not be settled in this timeframe, the UK Government has made it clear that GDPR will still apply to firms in the UK. Non-compliance is not an option: failure to meet the required rules could result in considerable financial costs, with fines of up to 20 million Euros or four per cent of worldwide annual turnover.
The GDPR protects the personal data of EU residents, even if they are not EU citizens, and any company with EU-based employees is affected. Even if your company is not established in Europe but you have employees residing in the European Economic Area, you must comply with the GDPR, as must any third-party vendors that process employee personal data for you. It also guides a wide range of data privacy processes, which will mean many organisational and procedural changes within companies. HR departments will need time and resources to account for each new compliance area. Companies may face fines for non-compliance, and employees will also be able to take legal action against, and claim damages from, both employers and third-party vendors.
Of course, help is at hand. As well as webinars from companies such as mine, there is plenty of guidance and advice available to help explain just what GDPR is, who it applies to and what steps you need to take now to comply. We launched HR Compliance Assist, an online service offering information on key areas such as data privacy, record retention and the use of electronic records, for our own customers, but there are many other sources of help and advice out there which are well worth exploring, such as the Information Commissioner’s Office (ICO), the CIPD or Personnel Today/XpertHR.
Help with record retention policies
Another major challenge our customers face is the management of document retention for employee-related records. This could include almost any piece of personal data, from personnel files to payroll information and benefit records, even background checks. It’s a complicated process to manage because the rules not only differ between countries, but each document in each country may well have its own individual retention requirements. Once again, the financial penalties for non-compliance can be very high, so we’ve combined our experience of working with customers in this area with the expertise of Morgan Lewis to create Employment Record Retention Laws, a summary of document retention guidelines across many key markets.
Make sure the technology supports you
HR professionals play a critical role in both understanding and ensuring compliance with each regulation. Of course, a critical first step is to understand the relevant legislation, but HR also needs to assess the impact this will have, not least on the way that information is stored and managed. At this point the right tools become vital. Without them, compliance becomes a minefield, particularly for global organisations.
But the good news is that best-in-class technology and digital solutions are available to both support compliance, wherever you operate, and mitigate the risks. The key to successful implementation is having a flexible, easy-to-update system that meets the unique needs of your organisation, effectively managing local requirements and supporting worry-free compliance. Modern, agile and comprehensive platforms, able to streamline and automate key processes and give HR back vital time to spend on other issues, are ready here and now.
So when you’ve finished that webinar and got fully up to speed with the likely impact of GDPR on your organisation, the good news is that solutions to enable you to manage and stay on top of those requirements are just a click away.
Arnaud Gouachon is chief legal and compliance officer at PeopleDoc