GDPR – be ready with Wards Solicitors’ data protection policy for staff
Sweeping new laws on personal data come into force on 25 May this year. Although the deadline is looming, there is worrying evidence that the EU General Data Protection Regulation (GDPR) is being ignored by most small and medium-sized businesses (SMEs).
GDPR, which replaces the Data Protection Act 2018, is set to make major changes to the way organisations can store and handle personal data.
After Brexit it will be cut and pasted into UK law, so there is no escape. It will affect all businesses and all areas within businesses - not only customers, suppliers and websites but also your own workforce.
Tackling it can seem a daunting prospect - but Wards Solicitors can help.
Steps to get ready for GDPR
We suggest that businesses should:
- Encourage a cultural shift towards data from the top down;
- Do a data audit;
- Review and where necessary replace contracts, policies and processes;
- Regularly review and train key personnel.
Putting a policy in place for staff
Tackling this cultural shift can seem intimidating, but Wards Solicitors' GDPR-compliant Data Protection Policy will help your human resources personnel comply with the new rules regarding staff.
The policy sets out clearly for your workforce:
- Relevant principles and explanations of data protection concepts;
- What types of data you can hold on staff;
- How, and when, you will process and share personal data;
- Your staff's data protection rights;
- How you will deal with subject access requests and data breaches.
Why do you need to comply with GDPR?
It will reach much further than existing data protection laws, giving new rights to individuals regarding the use of their personal information. Changes include the introduction of increased accountability for both data controllers and data processors. There are hefty fines of up to a maximum of 20 million euros (or four per cent of global turnover, whichever is higher) for non-compliance.
Why is GDPR being introduced?
Electronic data held online, for instance via social media, means that organisations hold more information about all of us than ever before. Major data breaches have become increasingly common, including the theft of names, birthdates, emails and addresses as well as social security, pension and bank account details.
The aim of GDPR is to overhaul and modernise current data protection laws, which date back to the pre-digital 1990s.
Update your staff data protection policy now
Having a GDPR-compliant Data Protection Policy for staff will help you to prove compliance with the new rules. It is not a 'quick fix' but a vital element of your business response to the new laws. Please contact Julia Beasley to find out more.