If 25 May 2018 isn’t ringing any bells for you, then it should be – it’s the day that the General Data Protection Regulation (GDPR) comes into force. GDPR is a piece of data protection legislation, replacing the now outdated Data Protection Act 1998 to give individuals more control over their own personal data. It means that businesses have to be transparent about how data is used, sent, processed and stored, with harsh penalties for non-compliance.
Despite it having been a hot topic in the business world for the past few months, a recent government survey has found that many businesses are still unprepared for the legislation, putting them at risk of fines of up to four per cent of their annual global turnover, or €20 million – whichever is higher.
Still not sure what it involves? Let us run you through it…
There must be a lawful reason to process someone’s data, and you must supply clear and concise information about how it will be processed.
Each individual has the right to access and obtain their personal data if they request it.
If an individual finds that their personal data is inaccurate or incomplete, they have the right to have the information rectified within one month.
Also known as ‘the right to be forgotten’, an individual can request the permanent deletion or removal of their personal data if there is no strong reason for its processing.
Individuals are entitled to block the processing of their personal data – you are permitted to store the data, but processing it any further is prohibited.
This right allows individuals to copy or transfer their data across different services in a safe and secure way.
Businesses must stop processing personal data if an individual requests it, unless they have a legitimate reason to continue processing – for example, if it’s for the establishment or defence of legal claims.
Although fully automated decisions are rare, as most business decisions have human intervention, individuals have the right to not be subject to any decisions made by automatic processing.
All new services should consider the procedures of personal data processing at the point of design.
Getting to grips with the new regulations can be a daunting prospect, but your business can’t afford complacency – if GDPR isn’t already on your radar, it’s time to get your data processes in order.