Hi all
I wondered if I could start a discussion on GDPR, as the implementation date for the legislation looms it would be great to share:
Anecdotally I am hearing that with the perfect storm of GDPR, and Gender Pay Gap reporting aligning that some organisations are currently very busy!
What steps have you taken to date within your organisation?
What have been the key lessons learnt so far?
What areas are you still unclear about and would benefit from clarity?
Any training which you have found to be of benefit and has taken a practical approach to implementation?
For my own business (a micro business) we have been data mapping where our existing data is and also ensuring that we understand how it is accessed and the lawful basis for processing this. Of course consent is also a key aspect in terms of ensuring we have this prior to processing any data.
One of the aspects which I am trying to understand better is how to ensure that all third parties who my company shares data with (lawfully) that we are satisfied that they are compliant.
OK so who would like to start with their experiences?
Let's see if the community can really share best practice on this one!
All the best
Sarah
Replies
Hi all,
Here is a quick link to steps that need to be taken quickly to make your company GDPR compliant - https://www.3bweb.com/blog/gdpr-compliance
If you want to save time re-writing policies etc. jump over to xpertHR, take a free trial and you will be able to download template GDPR privacy notices for job applicants and employees, Data Protection Policy and a lot of guidance of where to start.
I have to say that I have found the ICO website less than helpful when it comes to small businesses. They advise they have a section on GDPR for small businesses but all of the docs refer to Data Protection and not GDPR!!!
I have a question relating to data transfer which I am getting confused concerned about. I work for a company that has 11 employees all based in the UK and 16 contractors based worldwide. We use Google Drive to share information amongst employees. Some of these contractors have become Team Managers and will need to start getting involved in any future recruitment campaigns. If I store information on Google Drive and provide a link to a contractor in India is this classed as data sharing? What are the implications for sharing information with contractors and not employees?
We keep unsuccessful candidates on file for 12 weeks after a role has been filled, for those details that I have currently do I need to get their consent to keep the CV's for that amount of time (even if it is in their interest should they want to know why they didnt get the job?)
I am attending a CIPD event on GDPR this week which should be interesting.
Victoria
Hi Victoria
Great to hear you are getting your head around GDPR.
One of the areas as you know is to have a legal basis for processing and I am sure that legitimate interest would be a lawful basis i.e. the recruitment data is kept in order that the company can prevent a claim.
I am not sure about the Google Drive one so do let us know if you find out the answer at the event!
Thanks for sharing the information.
All the best
Sarah
Hi Sarah,
This is really interesting as my life is GDPR at the moment!!
The business that I work for have currently completed the data map and I have started writing the privacy notices (both recruitment and employee). I feel that the process hasn’t been to hard at the moment and has been very enlightening in what data we keep and what we need to cleanse!!
As a HR Consultancy we are having to ensure our clients are compliant and I’m currently going to all clients and carrying the out the process with them to try and help them become compliant on the HR side of data.
My biggest concern is how little a lot of the SME we work with know about GDPR
I would love to know how people are finding the process?
Hi Natalie
Yes I agree it does not appear to be on many SMEs radars at the moment as they may have other priorities.
I suspect this will only be an issue in the event of a data breach and then the ICO may look more closely at their compliance and arrangements for GDPR.
Thanks for sharing!
Sarah
I think this is one of the best articles I've read so far.
It's a much more honest approach than what you may have heard from others.
https://companyconnecting.com/news/gdpr-expert-%E2%80%93-new-snake-...
Lots or organisations are 'experts' willing to take your cash to make you 'compliant'
We've been chatting about campaigns and raising awareness and one idea we had was around creating posters of famous movies and tweaking them with some creative licence :)
Hi Sarah,
I'm glad you've posted this....thank you!
I am in a new position as HR Manager for a company with 164 staff and I'm pretty certain they haven't even started looking at GPDR!
I need a starting point so I can get ahead of this before it suddenly lands at my feet!
Anyone with any helpful tips and advice out there please get in touch!
Jenny
Is there a way to upload documents here, other than to upload images or show hosted documents? Here's an image I can share then...makes me chuckle every time.
Brilliant - I'll send a few things through that have been immensely useful to me that could help others.