Page 13 - BOSS Today Issue 39
P. 13
PERSONAL
SPACE
The requirements of GDPR also extend into HR.
o prepare members for and destruction. Employers can use information have the right under the current
Tthe new data protection Companies will need to notices, also known as Data Protection Act to access
regulations, we’ve been regularly implement appropriate ‘Privacy Notices’ to provide information that is held by their
reporting on these and have run measures to ensure they comply this information. This will also employer in relation to them,
a number of regional workshops. with the GDPR and to ensure apply where an employee the regulations have been fine
As a result, we hope that you that only the personal data wishes to process existing tuned by the GDPR to be more
understand your responsibilities necessary for each specific data for a new purpose. transparent and accessible.
to protect your customers’ data: purpose is processed. This One of the biggest changes This article highlights
but are you also aware of your includes ensuring that: will be the principle of changes to the requirements for
Human Resources responsibility? n Only the minimum accountability, and companies processing employee data under
amount of personal data will have to demonstrate that the GDPR, but BOSS members
GDPR is collected and processed they comply with the GDPR. This should be aware that the GDPR is
The General Data Protection for a specific purpose means that extensive internal complex and contains additional
Regulations (GDPR) will come n The extent of processing records of data processing requirements and details that go
into force on 25 May 2018 is limited to that necessary operations will need to be beyond your employee data.
throughout the EU and will for each purpose kept, and these will also have If you would like additional
replace the Data Protection n Personal data is stored for to be produced for inspection, information on being GDPR
Directive and the UK’s Data no longer than necessary if requested. To assist with this compliant within your HR
Protection Act 1998. The n Access to the data is compliance, employers should Department, please contact your
implementation of these restricted to that necessary create a data register containing Regional HR Business Partner
regulations will not be impacted for each purpose information about all the or visit the BOSS website to
by the UK’s vote to leave the EU. personal data which is collected access example HR documents
The GDPR will apply to Accountability and processed by the company. which are GDPR compliant*.
‘personal data’, meaning At the point of collecting The GDPR will also place much
information that relates to an data from employees or more stringent obligations on n FOR ADDITIONAL
identifiable person, and will job applicants, employers employers to ensure that they INFORMATION REGARDING
include any information held will have to provide more have the systems in place to BOSS SUPPORT IN YOUR
in paper files or electronically, detailed information about respond to any ‘data subject BUSINESS BECOMING
including information that may the processing of personal access requests’ received from GDPR COMPLIANT, PLEASE
be held outside the EU (for data than they do currently. employees. Whilst employees CONTACT MEEKA WALWYN-
example an HR database or LEWIS IN OUR SPECIALIST
outsourced payroll). The GDPR SERVICES DEPARTMENT AT
will regulate the ‘processing’ of MEEKA.WALWYN-LEWIS@
such data, including its BPIF.ORG.UK
collection, storage,
use, alteration,
disclosure *available to Gold and
Platinum members
April/May 2018 | BOSS TODAY 13
