With the recent Facebook and Cambridge Analytica scandal, data is at the forefront of many customers’ and employees’ minds. The General Data Protection Regulation (GDPR), which has come into effect today, should therefore bridge the gap and create a more effective and healthier relationship of trust.
What is GDPR and how does it impact your business?
The General Data Protection Regulation (GDPR) is an EU regulation on data protection and privacy. It provides all individuals within the European Union and European Economic Area with greater control over their personal data and gives assurances that their information is being securely protected.
The task of complying with this regulation falls upon all EU businesses and even non-EU established businesses that offer goods or services to citizens in the EU. In order to comply, all businesses subject to GDPR must send notices to customers about the new changes to data protection. For those who do not comply with the new law, eye-watering fines of £17 million could be coming their way.
Why the changes?
The UK Government announced its intention for a new Data Protection Bill, which brings the EU’s GDPR legislation into UK law, to significantly strengthen a number of rights. Now, individuals will find themselves with more power and will be able to demand that companies reveal or delete any personal data they hold.
How can HR lead the way?
GDPR gives HR professionals opportunities to thrive and show their talent to their employers. Below are five ways in which an HR team can help:
- HR experience and talent
Data protection is something every HR team has had to deal with, so being part of a team that makes your business GDPR compliant will show just how important, motivated and talented your HR department is in your business.
If the HR team are not experts in data issues, handling personal data and customer data, then let this be the perfect opportunity to refresh their training while also making your business GDPR compliant. After all, businesses certainly don’t want the risk of that £17 million fine!
- Policies and Training
Having the training and policies in place for every level to understand and apply in your business is crucial to keeping compliant while handling data.
Just having well-drafted policies isn’t enough to keep your business compliant. There needs to be initial training and further training before GDPR takes effect, so that your policies are in place and your employees understand GDPR before it comes into force.
- Limiting the risk
Limiting the risks posed by employees and the use of data is just as important as drafting and reviewing policies. HR teams should be able to deal with any risk, regardless of its size, to ensure data is protected and compliance with GDPR is upheld.
To limit the risk, document and demonstrate every policy, piece of training and proactive action the business has taken to show compliance and mitigate the risk of getting a fine. Having HR take the lead on this for the business from the start will limit the risk of landing a huge fine.
- Handling change
An HR team should be able not only to minimise the risk but also to have a programme that is agile and resilient to changes, potential risks and challenges when handling customer data. Communication needs to be clear and direct, and past communications should be easy to find on databases. Every member of the business needs to know their role and responsibility.
- Make or break, HR expertise
This legislative change can be the making or breaking of some businesses. So be prepared: use the talent, skill and expertise of the HR team to create a business and group of employees who can champion GDPR and the way we look after data and comply with data protection. Leading the way and getting to grips with GDPR before it becomes cold, hard practice will put your business ahead of the rest.