It’s a jungle out there! It seems like every day there’s a new regulation or piece of legislation being created, and it can feel like you are being persecuted. The buzzword at the moment is GDPR, and you can be forgiven for thinking it is yet another burden for companies and management. Secure data management is something all companies need to take seriously.
GDPR is the EU's General Data Protection Regulation and comes into force in May 2018. uComply specialises in providing Right to Work solutions, but we know that GDPR will directly impact all employers.
Get it wrong and compliance breaches can result in penalties of up to €20 million or 4% of worldwide turnover.
So what is GDPR?
From my perspective it's ‘Data Protection on Steroids’. It impacts any company/organisation that holds personal data for either the public or its workers. Perhaps you don't think you have personal data. What about references, credential checks, payment/tax details and identity documents for the Right to Work process? The list goes on. And it will apply to any employers / holders of personal information.
So, what has changed? There are a number of books surfacing, but here’s a 10,000-foot view highlighting some of the main points. Take the existing DPA (Data Protection Act) and add that:
- Data held is permission based (proof of valid consent).
- Personal data held should be secure, so look to digitise all paper records.
- You ensure clearly defined processes for the storage of data, including timescales and the purpose.
- You have a process in place to erase/correct/move individuals' records when requested.
- You have a responsible person in the organisation who is appointed to manage data.
- Companies must have an understanding of their own organisation's data flows.
Technology can help.
If we take the points above you can:
- Electronically capture and store validation that permission for holding personal data has been received.
- Ensure personal data can be held securely in a digitised format, helping you move towards a paperless solution through scanning records and thereby reducing the risk of lost records.
- Demonstrate that your processes are clearly defined.
- Have a process which electronically captures and stores records, which are then easier to manage and control, facilitating the ability to erase/correct/move individuals' records when requested.
- Allow the responsible person in the organisation to see a dashboard of records stored, requests made and if there are any breaches.
- Understand your own data flows, because to implement technology you need to understand your process.
With technology, once you know what you have, you can track, control and measure your GDPR commitments. We believe that mobile phones/tablets will take centre stage, combined with secure online (UK-located) database storage solutions to help manage the data being stored. Our MD Kim-Marie Freeston recently commented on the above in the Global Recruiter.
Effectively, this level of fines could, in my view, create an extinction-level event for the company/organisation concerned. In conclusion, the risks of loss of data through manual processes and pleading ignorance to data protection omissions are about to disappear!
Take control of your right to work process and help protect your pride. At the same time take a step towards GDPR readiness with uComply's help. Have a look at our mobile solution to see how it helps.
For those of you who are interested, an official version of GDPR can be found here.