A GDPR Checklist for Chief Human Resources Officers.
It is not only our smartphones and social media accounts that intrude on our privacy; talent management systems and everyday employment practices do so as well.
The General Data Protection Regulation (GDPR) now safeguards individuals' privacy across the EU. Regulation of this kind was overdue: the Cambridge Analytica scandal showed clearly how personal data could be misused, and the persistent, though unproven, suspicion that Facebook listens to phone conversations showed how little trust remained. The law has now arrived, and it is being enforced.
The regulation applies not only to companies established in the European Union that process the personal data of people in the EU, but also to companies outside the EU that offer goods or services to people in the EU, monitor their behaviour, or process EU personal data on behalf of European partners. In practice it has become the reference point for data protection law worldwide, and chiefs of human resources everywhere have had to adapt to it.
GDPR covers any information relating to an identified or identifiable person, including factors specific to a person's genetic, mental, economic, cultural or social identity, and it imposes stricter conditions on special categories such as health, biometric, genetic and religious data. HR departments hold exactly this kind of data about employees and candidates, so chief human resources officers must bring their data requirements into line with the regulation. A chief human resources officer should take the following steps:
• Data Protection Impact Assessment (DPIA): A DPIA must be carried out before any new project or system whose processing of personal data is likely to pose a high risk to individuals. In HR this typically means systematic monitoring of employees, large-scale processing of special-category data, or automated screening and scoring of candidates. The assessment should document the purpose, the necessity of the data collected, the risks to the people concerned, and the measures that reduce those risks.
• Reporting data breaches: If a breach occurs despite all precautions, the supervisory (data protection) authority must be notified within 72 hours of the organisation becoming aware of it, unless the breach is unlikely to result in a risk to individuals; where the risk is high, the affected people must also be informed without undue delay. What does that mean for businesses? They must have the technology and procedures in place to detect, investigate, contain and report a breach within that window. The chief human resources officer must plan and implement the corresponding changes: information security policies that cover HR systems, a defined incident response procedure, and thorough employee training.
• The right to erasure (the "right to be forgotten"): GDPR requires data minimisation, meaning a business may collect and use only the personal data that is adequate, relevant and strictly necessary for a stated purpose, and storage limitation, meaning data must be deleted once it is no longer needed for that purpose. Employees, candidates and customers may also ask at any time that their data be erased, or withdraw consent where processing is based on consent. When erasure is required, every copy must be removed, wherever it ended up: HR systems, backups, spreadsheets, and data held by third-party processors. The right is not absolute, however; records that the employer must keep by law, such as payroll or tax records, may be retained for the mandated period, and the retention schedule should say so explicitly.
The chief of human resources is responsible for following these rules or facing the consequences, and facing the music does not come cheap (pun intended). Failing to comply can draw a fine of up to 20 million euros or 4% of the company's worldwide annual turnover, whichever is higher.
When even the largest companies, such as Facebook, can fail to protect personal data, the value of that data, and the damage a breach can do, come sharply into focus. That is why the chiefs of human resources at major companies are now working hard to protect the privacy of their employees and candidates.