gdpr - The HR Forum - DPG Community2024-03-28T20:27:55Zhttps://community.dpgplc.co.uk/human-resources/feed/tag/gdprA perfect storm?https://community.dpgplc.co.uk/human-resources/a-perfect-storm2018-05-11T06:10:57.000Z2018-05-11T06:10:57.000ZSarah Loateshttps://community.dpgplc.co.uk/members/SarahLoates<div><p>Interesting to read a recent study by the IoD that 6 out of 10 SME Directors do not feel prepared for GDPR with 2 weeks to go an counting!</p><p><a target="_blank" rel="noopener">hthttp://www.itpro.co.uk/data-protection/28029/latest-gdpr-news-uktp://</a></p><p>Did anyone see the latest front page for People Management?</p><p>Businesses are now dealing with the 'perfect storm; of GDPR, Gender Pay Gap Reporting and the removal of ET fees. (Oh and did anyone mention Brexit?)</p><p>It is certainly gettig busier in the HR space at the moment</p><p>How do you feel about this? What are you prioritising for your business at the moment?</p><p>Would be great to hear</p><p>All the best</p><p> </p><p>Sarah</p><p> </p></div>GDPR - new guidance from the ICO on legitimtate interesthttps://community.dpgplc.co.uk/human-resources/gdpr-new-guidance-from-the-ico-on-legitimtate-interest2018-03-30T15:10:49.000Z2018-03-30T15:10:49.000ZSarah Loateshttps://community.dpgplc.co.uk/members/SarahLoates<div><p>For those of you who are still deep in GDPR, the ICO issued some guidance last week on one of the lawful reasons for processing data legitimate interest.</p><p> </p><p>As you may already know, GDPR will require that organisations can demonstrate compliance with the data protection principles <strong>and</strong> at least one lawful basis for processing the data, of which there are 6. Many organisation will choose to rely on the legal basis or consent, that said legitimate interest can be a flexible alternative. This may be useful to share with your marketing colleageues.</p><p> </p><p><a href="https://ico.org.uk/media/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/legitimate-interests-1-0.pdf" target="_blank" rel="noopener">https://ico.org.uk/media/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/legitimate-interests-1-0.pdf</a></p><p>Enjoy!</p><p> </p><p>Sarah</p></div>GDPR - how is it going?https://community.dpgplc.co.uk/human-resources/gdpr-how-is-it-going2018-02-04T10:49:37.000Z2018-02-04T10:49:37.000ZSarah Loateshttps://community.dpgplc.co.uk/members/SarahLoates<div><p>Hi all</p><p>I wondered if I could start a discussion on GDPR, as the implementation date for the legislation looms it would be great to share:</p><p>Anecdotally I am hearing that with the perfect storm of GDPR, and Gender Pay Gap reporting aligning that some organisations are currently very busy!</p><p>What steps have you taken to date within your organisation?<br/>What have been the key lessons learnt so far?<br/>What areas are you still unclear about and would benefit from clarity?<br/>Any training which you have found to be of benefit and has taken a practical approach to implementation?</p><p>For my own business (a micro business) we have been data mapping where our existing data is and also ensuring that we understand how it is accessed and the lawful basis for processing this. Of course consent is also a key aspect in terms of ensuring we have this prior to processing any data.</p><p>One of the aspects which I am trying to understand better is how to ensure that all third parties who my company shares data with (lawfully) that we are satisfied that they are compliant.</p><p>OK so who would like to start with their experiences?</p><p>Let's see if the community can really share best practice on this one!</p><p>All the best</p><p>Sarah</p></div>Help required - GDPRhttps://community.dpgplc.co.uk/human-resources/help-required-gdpr2018-01-17T10:03:11.000Z2018-01-17T10:03:11.000ZVictoria Russellhttps://community.dpgplc.co.uk/members/VictoriaRussell<div><p>Hello,</p><p></p><p>I am looking for some assistance with the dreaded GDPR with a special focus on what is classed as transfer of data outside the EEA.</p><p>We are currently recruiting for a designer to work in our HQ in Scotland however the manager/team leader of the design team are based in India and will need to be involved in the recruitment and selection process.</p><p>We utilise Google Drive for storing recruitment candidates with limited people having access. If we were to give the manager/team leader in India access to these folders would this be classed as a data transfer? If that is, can you advise what I would need to put in place to ensure they are able to access the CV's?</p><p></p><p>Sorry I have another query based regarding data transfer outwith the EEA. We have a globally distributed team of contractors some of which are team leaders and are required to authorise timesheets and invoices for their team (both documents will have personal details on them). A couple of examples of the process are</p><p>Contractor A based in San Francisco sends his timesheet and invoice via e-mail to their team leader based in Argentina, once authorised the team leader then sends the timesheet and invoice to payroll at HQ in UK for processing. Is this classed as data transfer as the information is coming to us from outwith the EEA</p><p>Contractor A based in San Francisco sends his timesheet and invoice via e-mail to payroll at HQ, this has not yet received sign off and needs to be sent to the team leader via e-mail in Argentina for authorisation, once authorised this is sent back to UK. I am guessing this would be classed as data transfer?</p><p></p><p>Any advice and guidance on data transfer would be greatly appreciated.</p><p></p><p>Thanks in advance</p><p></p><p>Victoria</p><p></p></div>Fours words of dread?https://community.dpgplc.co.uk/human-resources/fours-words-of-dread2017-08-25T09:52:36.000Z2017-08-25T09:52:36.000ZSarah Loateshttps://community.dpgplc.co.uk/members/SarahLoates<div><p>Are you GDPR ready?</p><p>OK may be not dread but as an HR professional this is something I want to get my head around.</p><p>For me data protection is not the most fascinating of subjects and I find myself nodding off reading the plethora of information out there currently. I once read somewhere that if you couldn't explain something simply you don't understand it well enough! Evidenced recently when I heard Peter Higgs explain on the radio what Higgs Boson is in about 3 minutes!</p><p>Does anyone have a resource which brings the topic to life and explains it in an easy to understand manner?</p><p>Please do share any resources in which you may have I am sure there are also others out there who we be most grateful.</p><p>Alternatively if you could share how your organisation is preparing for this from a practical perspective that would be great as well!</p><p>In the meantime for those who are yet to start your GDPR journey I also attach an overview:</p><p><a rel="nofollow" href="http://www2.cipd.co.uk/pm/peoplemanagement/b/weblog/archive/2017/08/23/what-does-hr-need-to-know-about-gdpr.aspx" target="_blank">http://www2.cipd.co.uk/pm/peoplemanagement/b/weblog/archive/2017/08/23/what-does-hr-need-to-know-about-gdpr.aspx</a></p><p>Thanks in advance!</p><p>Sarah</p><p></p><p></p></div>Snooping on job applicants?https://community.dpgplc.co.uk/human-resources/snooping-on-job-applicants2017-07-14T10:57:04.000Z2017-07-14T10:57:04.000ZSarah Loateshttps://community.dpgplc.co.uk/members/SarahLoates<div><p>I have been trying to get up to speed with the new General Data Protection Regulations and the potential impact. A number of particpants have reported they have been on courses recently and that the changes are quite far reaching.</p><p>So I was interested to read how this could impact those businesses which use social media to assess applicant's suitability for a role:</p><p>An EU data protection working party has ruled that employers should require "legal grounds" before snooping.</p><p>The recommendations are non-binding, but will influence forthcoming changes to data protection laws</p><p><a rel="nofollow" href="http://www.bbc.co.uk/news/technology-40592516" target="_blank">http://www.bbc.co.uk/news/technology-40592516</a></p><p>It would be interesting to hear your thoughts about whether this is acceptable or not?</p><p>All the best</p><p>Sarah</p></div>GDPR what you need to know......https://community.dpgplc.co.uk/human-resources/gdpr-what-you-need-to-know2016-12-09T09:24:47.000Z2016-12-09T09:24:47.000ZSarah Loateshttps://community.dpgplc.co.uk/members/SarahLoates<div><p>So despite Brexit, the UK will implement the General Data Protection Regulation (GDPR) when it comes into force on 25 May 2018.</p>
<p>A useful summary below for what you need to start thinking about to get your orgamnisation 'match fit' for the new regulations.</p>
<p><a rel="nofollow" href="http://www.personneltoday.com/hr/general-data-protection-regulation-gdpr-employer/" target="_blank">http://www.personneltoday.com/hr/general-data-protection-regulation-gdpr-employer/</a></p>
<p>All the best</p>
<p></p>
<p>Sarah</p>
</div>