
Guidance for Employers on the General Data Protection Regulation coming into force in May

17-Jan-2018
With four months to go until the new General Data Protection Regulation (GDPR) comes into force, Jo Stubbs, Head of Content at XpertHR, offers guidance on ten things employers need to know to ensure they are compliant.

The way that organisations manage personal data will change when the General Data Protection Regulation comes into force on 25 May 2018. This new legislation will introduce changes to how data is processed across the EU and mean employers need to rethink how personal data is collected, used and kept.

However, according to research by Veritas Technology, many companies are unprepared for this deadline. The research suggests almost half (47 per cent) of companies are concerned they won’t meet the requirements of the legislation and 86 per cent are concerned that the GDPR could have a major negative impact on their business if they fail to comply.

Other research with business leaders across Europe, from accounting and consulting firm RSM, found that more than a quarter (28 per cent) are completely unaware of the regulation they will have to adhere to.

GDPR means employers are likely to have to find an alternative to consent to process personal data and the regulators will be able to impose significantly higher fines than under existing provisions - up to €20 million or 4% of an organisation's annual worldwide turnover, whichever is greater.

With the deadline imminent it is crucial employers take a realistic, risk-based approach to compliance and focus on the most important and riskiest areas first. Here are ten things employers need to know about GDPR:

GDPR affects small employers too - The GDPR will apply to organisations of all sizes, but not all organisations will be treated the same. Those that are not processing large amounts of data and are not involved in high risk processing won’t be expected to commit as many resources to GDPR compliance.

Employees have the right of access to data - The Data Protection Act 1998 already gives employees the right to make a subject access request in relation to their personal data, but under the GDPR these rights will be extended.

Organisations need good reason to process personal data - The GDPR specifies the conditions under which it is ok to process data and organisations need to be sure that at least one applies. While having “consent” is one, the employer/employee relationship means it could be tricky to prove that consent has been freely given, so it is advisable to have at least one other.

The GDPR will impact on the recruitment process - The GDPR will bring new protections for potential employees and, with it, new responsibilities for recruiters. For example, employers will need to formalise the reasons why data is processed and the period for which it will be retained, and provide this information to applicants.

Individuals have the right to be forgotten - The GDPR sets down the rights of individuals to ask that their personal data be erased.

Criminal records checks - Under the GDPR, employers would be allowed to carry out criminal records checks on prospective employees only if this is specifically authorised by law, for example where a Disclosure and Barring Service check is required for a role involving work with vulnerable adults or children. However, this is an area where the GDPR allows governments to set their own rules to some extent – and, under the proposed new UK data protection law, employers will be able to carry out criminal records checks in more circumstances, so this is an area to watch for developments.

Organisations may need to appoint a data protection officer - Where an organisation is a public body, its core activities involve large-scale data processing requiring regular monitoring of individuals, or it carries out large-scale processing of sensitive personal data or data relating to criminal convictions, it will need to appoint a data protection officer.

Data transfer outside the EEA will be controlled - If an organisation transfers personal data outside the European Economic Area (EEA), it will need to ensure that adequate protection is provided.

Organisations will need to provide an “information notice” - A key requirement of the GDPR is that employees are informed about the processing of personal data and this must be formalised in an information notice (aka a “privacy” or “fair processing” notice). The information provided needs to be significantly more detailed than that provided under the Data Protection Act 1998.

Non-compliance could be very, very costly - Compliance with the GDPR is not something to be taken lightly, with fines as high as €20 million or 4% of the organisation’s global turnover – whichever is greater – for breaches.

The 2017 Veritas GDPR report calls the EU regulation “some of the most stringent data privacy regulations the world has ever seen”. With the deadline just around the corner employers can’t afford to wait any longer to prepare.
