GDPR has been in effect for 4 years and we all have heard about it. We have taken action to protect our client’s data because we know how much a data leak could harm our reputation. The same level of attention is however required when it comes to our employees (and candidates).
So… how GDPR compliant are we when it comes to our own people’s personal data ?
Compliance factors
While GDPR clarifies the modalities of the protection of personal data and gives eight fundamental rights to employees (information, access, rectification, erasure, limitation, portability, opposition, automated decisions) it also has, as a consequence, implications on many HR processes.
With this in mind, HR shall, under guidance from the Company’s DPO:
- Produce and maintain a comprehensive record of data processing activities
- Document a data retention policy and implement it for all personal data processed within the company
- Update other HR policies to address all aspects of GDPR
- Regularly review and test internal procedures and controls, ensuring that results and remedial measures are properly documented
- Undertake DPIAs (Data Processing Impact Assessments) whenever required
- Properly document any breaches and declare them to the authorities when necessary
- Organize specific GDPR training for the HR department
Screening
Understanding which personal data is processed within HR, ensuring it is protected right from the beginning (at collection stage) and deleted on time is critical to achieve compliance.
Based on this, we have developed our GDPR services offering, supporting our clients on very pragmatic but critical items, such like the cleaning of their personnel files. This service is made of the following steps:
- Review the current state of your HR files : we look at your paper and electronic employee files and related HR documentation (tax cards records, medical certificates, recruitment tests, contractual documents, salary related documents , performance review, employee relations data …) versus your data retention policy if existing
- Based on this analysis we show where you comply or not comply with the GDPR prerogatives and we issue recommendations to improve your compliance. These can be: relevance of the documents kept in the Employees files (principles of minimization and purpose) and in other related files, compliance in terms of the deletion of records, the avoidance of duplication, archive management.
- We set a plan with you, in order to ‘clean’ your paper and electronic employee files based on agreed retention periods and proceed to the cleaning.
It saves your time and avoids distraction from your other daily activities. We keep it easy, pragmatic and efficient! This service is available as a ‘one off’ but we can also do your cleaning on an annual basis.
If you are interested to hear how we can support your GDPR compliance efforts, call Virginie Boyard, Executive Director, 661 204 929. Virginie.boyard@vistim-sa.com