socialmedia linkedinsocialmedia twitter

background courses

Could the GDPR become the next PPI platform for a generation of lawyers?

on Thursday, 15 February 2018.

Could the GDPR become the next PPI platform for a generation of lawyers?

The onerous penalties for non-compliance with the new General Data Protection Regulations – €20m or four per cent of annual turnover, whichever is the larger – have no doubt helped to focus the minds of senior management and to galvanise action around businesses in the UK.

However, we predict that they will not be the only potential legal cost of non-compliance with the GDPR requirements.

In fact, at the Learn Centre, we are concerned that businesses are not doing enough to protect themselves when it comes to their HR and payroll data, quite literally, because they do not have enough understanding of the implications of non-compliance in this area.

Too few organisations are providing GDPR training and support to HR and payroll teams so that they can deal with data protection in these areas, and as a result, they may be open to action from present and former employees.

We have run literally dozens of courses over the past year on the impact of the GDPR on payroll and HR data, and this has revealed a shocking lack of awareness of the need to plan for payroll and HR data as much (and possibly more than) for customer data.

Understanding how HR and payroll data could become an enormous data protection headache once the GDPR is introduced is essential – and we strongly recommend all companies should send HR and payroll employees on a specially designed GDPR training course so they can be ready for May 2018.

A key issue is that payroll and HR data is an iceberg – only a small amount is visible above the surface.

Every employee process – recruitment, assessment, development, training, remuneration, benefits, insurance and eventually, termination – incurs data. Much of that data will be shared with third parties, from recruitment companies to travel operators to benefits and payroll suppliers. Some of the data will be captured invisibly by features such as location services on mobile devices that companies provide to their employees.

All of this information needs to be carefully considered to ensure that the data is obtained, retained, shared and updated responsibly.

We find most people who attend our training courses leave feeling astonished at the extend of HR and payroll data that the GDPR embraces – as well as feeling empowered to take the correct next steps to protect it.

Companies that do not protect employee data carefully in line with the GDPR not only face a serious threat of fines from the ICO if they do not comply.

At the Learn Centre, we predict that there is a real risk that the GDPR will be used as a platform for compensation by lawyers on behalf of disgruntled terminated employees who do not have other avenues of compensation to explore.

All the employee needs is to find one element that has not been considered. This could be a benefits supplier that offshores processing – or its member call centre – outside of Europe in order to reduce cost.

Once it becomes apparent how the GDPR could become a platform for private compensation claims from former employees then the scope for lawyers to market services to exploit this could multiply, as it has with PPI as well as personal injury claims.

Companies cannot be too prepared for the GDPR. Unfortunately, we are hearing that too many companies are prioritising the protection of customer data at the expense of the needs of HR and payroll teams.

Get the right training and information to address this issue in your organisation today. It’s not too late to start preparing for the GDPR. The cost to your business of not doing so could be much greater than the much-discussed fines if your company leaves itself open and does not adequately and demonstrably safeguard HR and payroll information.