GDPR, HR and IT: an exercise in communication

(Source - Nick Ismail - Information Age)

The General Data Protection Regulation (GDPR) represents a fundamental shift in the way businesses will need to treat personal data, both for their customers and for their employees.

Much focus has been given to the technical aspects of GDPR, but assuming implementation and management will fall to IT and compliance is incorrect. From an internal and employee data perspective, it will be the HR department tasked with making GDPR a success.

An exercise in communication

A recent survey suggests HR is still a divided profession when it comes to GDPR. Almost half (44%) of the 1,800 HR and payroll professionals surveyed did not even know what GDPR was. Of those that did, however, 81% feel that they will be ready to manage the changes when they come into force in May 2018. The majority of these professionals are working in collaboration with other departments to ensure preparedness for the new regulation.

GDPR will require significant changes to employee data and privacy processes. Whilst IT is playing a leading role in the implementation of GDPR throughout the whole business, responsibility for managing employee data falls to the HR department.

GDPR is as much an exercise in communication as it is in compliance. HR will need to work closely with IT to ensure both are ready for the new regulation, and with employees to ensure a smooth transition to the new framework.

Working with employees

HR will need to work with employees to ensure everyone is aligned with the new GDPR framework. Central to this will be the shift in how HR handles employee consent. A simple sentence or paragraph in an employee contract will no longer be enough; employees will need to be explicit with their consent. They will need to know how the organisation intends to store, control and manage their data, and this will need to be detailed in a separate document. Employees will need to sign it – either physically or digitally. Without this, organisations risk severe penalties for unlawful processing of data.

Formalising this process serves two purposes. Primarily, it means the organisation needs to achieve compliance with the required standard. But this also acts as an engagement tool, demonstrating to employees that the organisation wants them to know exactly how their data will be treated, and what they are consenting to.


Posted by: Neil How

Neil ran his first SAP transformation programme in his early twenties. He spent the next 21 years working both client side and for various consultancies running numerous SAP programmes. After successfully completing over 15 full lifecycles he took a senior leadership/board position and his work moved onto creating the same success for others.
