With just over a month to go until GDPR comes into place, it is becoming clear that it is prompting more angst than ease – especially amongst HR professionals.
Due to the nature of an HR role, specifically the gathering and holding of personal information, GDPR will have a massive impact on the way HR professionals process data.
Whilst there is an abundance of stories regarding data breaches that have haunted HR professionals for some time now – involving anything from the disclosure of employee medical records to salary information – GDPR can actually provide improved methods of working and, in some ways, become a secret weapon for HR.
Understanding the benefits
The implementation of GDPR, the most significant change to data protection laws in nearly 20 years, could mean that organisations face crippling fines in the event of data breaches. New regulations will force HR professionals to think carefully about their data processes, ensuring that they treat personal data correctly and plug any gaps in compliance.
Although this may appear to be a stressful and difficult process, it can also help organisations to build a healthier relationship with their employees. The process of auditing data and assessing how it is stored could, for example, help identify new opportunities such as unused skills among existing staff, or pinpoint training requirements.
The flip side of all this work in implementing better processes is that there is also an opportunity for companies to make more effective use of the data available to them.
Addressing widespread worries
When it comes to the data that individuals choose to share online, consumers are becoming increasingly concerned over where it goes and what’s done with it. A survey by the Information Commissioner’s Office, the UK's independent data protection regulator, shows that only one in four people trust businesses with their personal information.
GDPR is coming into force to address widespread concerns about how businesses store personal information.
The department that’s often tasked with leading the deployment of measures related to data protection - IT - is equally concerned. Research by Kaspersky Lab into how IT departments are approaching GDPR found that most IT decision makers surveyed (64%) say they are worried about how many organisations have access to their personal information.
Improved communication methods
For HR professionals, the changes involved with GDPR will impact their everyday work – not only by greatly expanding employer obligations to current staff, but also to prospective employees in terms of the information they supply throughout the recruitment process.
This means that more emphasis will be required on getting consent from employees about the storage of their personal data, as well as better communication about how that data will be used within the company.
GDPR offers the ideal opportunity for HR professionals to play a unique role in forming a culture of good data practice.
Retention periods for records, such as personal financial information, addresses and contact data, will also need to be identified, monitored and accurately recorded as there will be much tighter standards on the nature of data that employers can retain and for how long.
Although there won’t need to be any major changes for most organisations, there will need to be formalised processes for the collection of staff data and the storage of that information. Organisations should be knowledgeable on what data is saved where and be open about how it is being used.
Learning from the ways of HR practitioners
HR leaders are already experienced in dealing with large volumes of personal data, such as banking and contact details, and they can help steer other departments on the path to accepting GDPR as an instigator for valuable change.
GDPR will undoubtedly trigger new policies, but those changes won’t happen on their own. Employees will need to be educated and trained, and HR is ideally placed to oversee that process, having the experience of implementing company-wide policies and procedures.
HR will play a pivotal role in creating an environment that is compliant to GDPR, and the first step to success is acknowledging this.
Data protection practices including employment contracts, staff handbooks and employee policies will all need to be reviewed.
HR can play a critical role in helping staff to understand their new rights with regards to personal data and ensure that new policies are adhered to, particularly when new employees are trained as part of an onboarding process.
Creating a culture of good data practice
Data is integral to every part of an enterprise and, as a result of this, organisations should be looking to uncover all opportunities to add insight into business operations through its use. This does mean, however, that every job role will be impacted – and everything, from call recordings to interactions with customers, will be under scrutiny.
This is where HR truly comes into play, as GDPR offers the ideal opportunity for HR professionals to play a unique role in forming a culture of good data practice. Employee knowledge can be enhanced by driving a better understanding of data privacy, as HR can be used as a launchpad to embed changes within the body of a business and in the minds of its employees.
GDPR will become effective on May 25, 2018 and as the UK will still be a member of the EU, the UK government has confirmed that the regulations will apply in the UK.
HR teams will need to assess their current processes and procedures to ensure they are ready for these challenging, yet empowering, new regulations.
Creating a GDPR-compliant environment
HR will play a pivotal role in creating an environment that is compliant to GDPR, and the first step to success is acknowledging this. Employees must understand their role within GDPR and the implications of any failure to meet the new regulations.
If done successfully, GDPR could help put HR practitioners at the core of the data discussion and allow businesses to embrace it as a catalyst for positive change.
About Adam Maskatiya
Adam is a technology professional, with a 20+ year career in consulting, enterprise software and outsourcing services. In June 2017, Adam joined Kaspersky Lab to serve as General Manager of the UK business. Prior to joining, Adam was a Director at KPMG UK LLP where he acted as a client advisor in the firm’s International Markets Group business. Prior to joining KPMG, Adam held senior leadership positions at CA Technologies Inc. & Novell Inc. after starting his career after graduation at Computacenter UK Limited. Over the past ten years, Adam led both large overlay and enterprise sales teams, strategic business units and Partner & Channels businesses in the EMEA enterprise software market.