30 April 2018
Eight handy tips you need to know before GDPR comes into force
SSF Business Consulting
Did you know that many businesses fail because they can't adapt?
They achieve moderate success but falter under the pressure of people management, employing more staff, training good leadership teams and implementing processes to underpin their business growth strategy.
Many businesses are being impacted by the changing landscape politically, economically, socially and legally. Businesses are struggling to keep on top of changes such as Brexit, Employment Legislation and other political, social or environmental factors, and their impact on employee related activity.
So, if you are not ready for the impact of GDPR on your employee related activity, it could have significant implications for the survival of your business. Whether you are already prepared for GDPR or you think GDPR sounds really complicated, keep on reading below for some helpful tips that will shine a light and help you to navigate through the minefield of information about GDPR!
Eight key things that you should know to be ready for GDPR before 25 May 2018
- Consider ‘pseudonymisation’ of data when processing personal data, so that you can’t tell from looking at it which person it relates to. Keep the additional information (a key or code) that enables you to decode it separately and securely.
- Think about whether some data can be anonymised. Do you really need to be able to identify the employee to use the data? For example, if you are processing information for research or statistics, then you could probably anonymise it. We see this a lot in the public sector when data is collated for the purposes of equal opportunities; or in other situations such as when businesses are providing high level details for potential TUPE transfers or for tenders.
- Use passwords and encourage employees to use more complex passwords, not to share them, and to change them regularly. Passwords that have a mix of letters, numbers and special characters are always stronger and more secure.
- Encrypt data where possible, particularly if you are transferring data or allowing remote working. However, you need to ensure that the person receiving the data is able to receive it in its encrypted form.
- Think about the devices that employees use and their security access. Will you still allow employees to use their own smartphones, tablets etc. or will you provide company phones and laptops now instead? Will you choose to restrict the use of wifi access and also access to certain websites too?
- Only process personal data that is absolutely necessary for specific purposes, and ensure that this is only done with appropriate consent.
- Put in place measures to ensure you are compliant with the principles. Make sure you have appropriate policies and procedures for processing and keeping data securely; and that you comply with removing irrelevant or legacy data, or requests to be forgotten.
- Always keep accurate records to prove you are compliant and make sure that your People, Processes and Systems are GDPR ready.
Are your people, processes and systems GDPR ready?
Although GDPR has been in the pipeline for a considerable period of time, not everyone who needs to know what it means is prepared for implementation on 25 May 2018. We have spoken to some people recently who still don’t fully understand what it means for them and many others are nowhere near GDPR compliance. Even if you are not responsible for controlling data, it is highly likely that you are responsible for processing, so will still be responsible for ensuring that you are GDPR compliant, and you need to know what this means for you and your business. If you or your team have not already started the process, don’t be surprised by the amount of work involved in getting ready for GDPR! It’s not something that you can do overnight and will probably be a big headache to start with.
Next steps and how we can help you
Data Protection doesn’t end with the implementation of GDPR on 25 May 2018 and there are other changes in the pipeline that will have further implications on data processing in the UK.
- The UK will be implementing the Data Protection Bill to replace the current Data Protection Act, which will apply further aspects of GDPR to the UK. It will impact on areas such as National Security and Law Enforcement, but implementation was delayed as it was not finalised in time for GDPR. Other EU Privacy Regulations looking at how organisations handle their direct marketing activities are also in the pipeline for 2019; and will bring penalties for non-compliance.
- Whilst some businesses are making strong progress towards GDPR readiness, many have underestimated what they need to do to get ready for GDPR. There are some practical steps that employers can take now to start to make a difference, such as carrying out GDPR HR Audits; implementing robust data processing policies and processes; having appropriate reporting in place to deal with changing consent preferences; and providing Data Protection training for employees.
- Businesses need to ensure that the emphasis on Data Protection does not stand still and that the issue of data protection remains at the forefront. Don’t assume that everyone already knows about GDPR; it is advisable to ensure that data protection is a core part of any onboarding process, whether for external or internal appointments, and remains high on the agenda.
It’s always better to be prepared and proactive; and we can help you to avoid the pitfalls so that you can continue to do what you do best!
SSF Business Consulting have partnered with many Clients to mitigate risks and to comply with their statutory obligations.
We offer Consultancy Services ranging from supporting with Business Transformation and Organisational Design; Employment Law and HR Consultancy Services; and Leadership Development.
For more detailed guidance on how to make sure you are ready for GDPR and beyond, contact Sonia Freestone on 07525 849 175 / 0121 249 2721 or email soniafreestone@ssfbusinessconsulting.com.
Alternatively, for advice on how to avoid firefighting and for information on how we can work with you, visit our website here.