The GDPR (General Data Protection Regulation) comes into force on May 25, 2018, a turning point in personal data protection policy. The regulation has implications for companies, especially European ones, and HR is among the most affected departments. Why? How should the HR compliance process be managed? And could the GDPR even turn out to be a good opportunity?
GDPR: HR is particularly affected
For many years, the various regulations in place were mainly concerned with protecting customer data, while employee data often remained in the shadows. The new rules change the game! Employee personal data now has the same level of importance as customer data. This is because data managed by HR is considered sensitive.
The GDPR specifies that so-called “sensitive” data must receive special treatment and be closely monitored. This concerns you, HR, who manage payroll, sick leave, leave for family events, etc. All of these will require changes to data processing to ensure compliance with the European regulation.
How to bring HR into compliance with the GDPR?
To bring all HR procedures into compliance with the GDPR, careful preparation is required. First, appoint a team in charge of compliance within the HR department. The team will be in close contact with the company’s Data Protection Officer (DPO) and will be in charge of all operational aspects.
To get started, this team will need to accurately map the data managed by human resources. The more exhaustive this list is, the easier it will be to take the necessary measures afterwards. Be careful not to underestimate the data specific to certain subsidiaries (such as the obligation to declare one’s religion in Germany, for example).
Then, the team will have to audit how this data is collected and how it is subsequently processed. Following this audit, impact assessments of the data processing will have to be carried out to determine the risks. What would happen if an Excel file of manager performance data leaked? What if the individual interview files were hacked? For this part, you can enlist the help of a law firm to leave nothing to chance.
Of course, these analyses should be conducted regularly. In addition, all steps taken to comply with the GDPR must be documented. This documentation must also be constantly reviewed and kept up to date.
The GDPR: an opportunity for HR
Given the magnitude of the project that awaits you, you are entitled to think that the GDPR is a hassle. However, this regulation may ultimately prove to be the perfect opportunity to improve the performance of the HR department. Let’s take the mapping step, for example. Without the GDPR, nobody would have realized how time-consuming this task is. Since you do not really have a choice, this is the perfect opportunity to give your data a big spring cleaning (and to comply at the same time with the GDPR principle of data minimization).
Then, the audit and the impact assessments will certainly give you a clearer view of the diversity of data processing practiced within HR. Again, might this not be the right time to simplify or even eliminate some processes that have become too complex or useless? Circumstances also lend themselves to the implementation of new and more efficient solutions in accordance with the principles of the GDPR. Would it not be an opportunity, for example, to restart the work on collecting variable payroll elements that has been left on the shelf for too many years?
The GDPR is certainly a difficult turning point for companies because of the range of changes that must be made. However, with simple solutions, such as Gathering Tools (which allows you to integrate all your Excel processes into the information system, to secure them and to make them more reliable), it is sometimes faster and less costly to comply than you might think.