GDPR is often discussed, but usually from a holistic perspective and in general terms. But what this lacks is the "so what" factor, the "how does it affect me and what am I meant to do?"
In this blog, we look at GDPR specifically from the point of view of HR teams.
How does GDPR impact HR in practice?
There are three main areas for HR Teams to focus on:
- Do not keep files for longer than necessary
- Data should be collected and stored for a specific and legitimate purpose - never 'just in case' or for ease
- Individuals have stronger rights, including the right to request, access and erasure
To achieve this, you'll need to:
- Audit your existing approaches to managing data and processes
- Have a retention policy in place
- Delete whole records once certain parameters are hit
- Some documents within active employee files might have to be deleted when certain dates are hit. For example, after three years DBS checks made during on-boarding are to be destroyed
- Be prepared to receive, refuse, accept and carry out in a timely fashion Subject Access Requests (SARs)
Restore have been working with HR teams to achieve GDPR compliance through our document management system eView. Manual processes are proving for many HR Teams an onerous way to manage GDPR. Our new module allows you to tag all files and documents and create rules that automatically pull files that meet criteria you have defined and move them to a 'recycle bin'. This gives you the opportunity to review the documents set for deletion, before they are removed permanently, as per GDPR.
Obviously eView only works with electronic records, but scanning is quick, easy and cost-effective, and through indexing and meta data you can easily pull all information together when SARs are issued. It also allows you to define ownership of information and permissions, so you can decide who can access what information. There is also a clear audit trail, who accessed data and when, when data was deleted etc, proving your compliance to GDPR.
If you'd like to chat more about GDPR feel free to pop us an email: firstname.lastname@example.org