Date: 25/08/2017 | Business & Professional Services, Corporate, Data Protection & Information Law, Employment & HR, Healthcare, Regulatory Law
The GDPR will give employees greater powers over access to their personal data being held by the employer. They will have the right to request details to be rectified, restricted or even erased. Employers will not only have to manage these new rights but will also have to respond to any requests within a tighter maximum timescale of one month. Obviously this has real potential to drive costs upwards and increase the need for additional resources for business owners and employers alike.
All employers would be well advised at this moment in time to undertake an assessment and start to plan for the implementation of the GDPR in May 2018. Analyse and consider what your business's current practice actually is. Review policies and procedures and ensure that appropriate records of training and guidance are put in place prior to implementation of the GDPR.
It would be prudent for larger employers to put together a compliance team whose objective it would be to ensure that the business is in a position to meet the new standards in May 2018.
Consideration should also be given to smarter methods of accessing data by employees in order to reduce management time and costs in dealing with requests. Smarter use of technology could assist this process. Of course, it is imperative that commercial and confidentiality aspects are taken into account in determining what form and to what extent access is permitted.
Small businesses would be well advised to designate an individual with specific responsibility for ensuring compliance with the GDPR.
In summary businesses of all sizes will have to consider very carefully what personal data is being processed from the cradle to grave in terms of employment and devise and implement smart policies and procedures to ensure compliance.
Of course having policies and procedures in place is only part of the equation and ongoing compliance will have to be monitored and promoted internally.
If you would like to discuss the implications of GDPR for employers please contact Alan Strain.
Keep your organisation up to date with the latest opportunities and changes in commercial law with regular insight and updates from the experts at Davidson Chalmers Stewart.