Pastries, Employers and GDPR
Our regular Employment Breakfast yesterday featured guest speaker, Ed Boal, to discuss the hot topic of the GDPR for HR professionals. With 63 days to go until 25 May 2018, it’s full steam ahead in preparing for the new regime.
With a full house in attendance, we discussed the need to prepare now for the implementation date, but also to ensure ongoing compliance in the future.
It’s important to implement a risk based approach to the use, storage, and retention of personal data, and to have the correct procedures in place.
Businesses should already have carried out a personal data audit to map and assess the data they hold and process. Ed discussed the primary processing grounds that employers will seek to rely on:
- Performance of a contract
- Compliance with a legal obligation
- Legitimate interests
With the imbalance in bargaining power between employer and individual, including the massive amount of personal data that is processed before, during, and after the employment relationship, it is vital to consider the most appropriate lawful ground for each specific purpose that personal data is processed.
Specific examples were discussed from around the room including criminal convictions, recruitment marketing, temporary/seasonal staff – and even Facebook searches pre-employment!
It’s not sufficient to just have a policy in place; employers need to demonstrate due and proper consideration of the basis of the processing, storage, and ongoing use of personal data in each instance.
Ending the session on a review of the rights of employees (subject access requests as well as erasure and the right to be forgotten), attendees left the event reassured about the steps they needed to take and full of delicious pastries.
Due to high demand, we are running a second breakfast on 28th March 9 – 10:15am with Ed. Places are filling up quickly so click here to book your place.