socialmedia linkedinsocialmedia twitter

background courses

Make HR and payroll central to your GDPR planning

on Thursday, 15 February 2018.

Make HR and payroll central to your GDPR planning

It is not too late to start planning and preparing for the introduction of the General Data Protection Regulation in May.

However, there is not much time. Unless you are an expert or an organisation that processes zero personal data (both of which are unlikely), if you haven’t already done so, start preparing immediately.

Over the past year, we have run training courses and provided advice to dozens of businesses on what the GDPR is, how to ensure your organisation complies with the new regulations, and especially, how to make special provision for HR and payroll data.

This is an area that we are finding is all to easily forgotten, and we strongly recommend booking a place on a GDPR preparation course dedicated to the particular needs of HR and payroll as the first step in preparing for the changes in May.

One of the key themes that is emerging as we speak to people who attend our courses is that ensuring customer data is GDPR compliant is actually more transparent than safe-guarding employee data.

This is why specialist knowledge and understanding is so important and why we recommend training that is focused on HR and payroll.

Businesses are telling us that customer data is generally more centralised, digitised, more up to date and better documented and audited than employee data.

There is as much likelihood that employee data will include sensitive information that will require special handling as customer data. However, this may not be standard. Some of this may be linked to data relating to nursery vouchers or a child related benefit. In other cases, it will be linked to travel documentation, or to health insurance.

Employee data has a habit of lurking in corners. Much of it is kept in hard copy in files or on spreadsheets that may not all be located in one place and may be forgotten in storage. It is often shared – with pension providers, third party payroll and insurance companies, benefits companies, travel providers and many others. These companies may process data outside of the EU.

Employee data includes previous employees, as well as data captured from individuals who were interviewed and never employed.

HR data is surreptitiously captured and retained by devices that you may provide to your employees as part of their contract with you, including tablets, mobile phones and cars – if the worker connects a mobile phone to the vehicle.

Getting board level attention is another important factor that is emerging when we speak to people attending courses about their preparation for GDPR, and a key reason why special emphasis needs to be placed on HR and payroll data.

It is much easier to get senior management engaged with issues pertaining to the protection of customers than it is to matters concerning the needs of employees. In fact, senior management may overlook altogether the need to engage with HR and payroll teams during the GDPR planning process altogether, which may lead businesses exposed.

Customer data has been the focus of much of the communications and information around the introduction of the GDPR. Right now, we find that we are one of the few organisations beating a drum for the importance of making provisions for HR and payroll data.

This is not just because it is our area of expertise.

In our experience, it is as likely that a company will become embroiled in a lawsuit with a disgruntled employee as with an unhappy customer – and perhaps more so as employees are often more emotionally invested, look at the current issues facing Tesco relating to gender pay gaps.

Poor protection of data could become an easy target for an employee who is unhappy over the terms of a dismissal, for example, and could be exploited by a new wave of compensation lawyers – GDPR could potentially become the next PPI.

We have designed the Learn Centre training course to cover everything you need to know in order to ensure that your organisation’s payroll and HR data is compliant with the GDPR. Those who have attended say it has given them the confidence to raise the issue within their business, as well as the knowledge to enact what needs to be done. Do get in touch if you have any questions.

Click here to see details of the 1/2 day GDPR course