GDPR: are you ready for the change?
For the General Data Protection Regulation (GDPR), the protection of users’ personal data is now an integral part of the fundamental rights of the individual and also of the employee.
The GDPR imposes many obligations on employers. Companies collect and process a large volume of personal data. The arrival of the GDPR will shake things up.
New and improved rights for employees
For employees, the GDPR will allow the implementation of new rights, such as:
- The right to be forgotten (right to erasure of data).
- The right to rectify inaccurate data.
- The right to restrict the processing of personal data.
- The right to object to the processing of personal data (justified by legitimate reasons).
- The right to portability of personal data to another organization.
In addition to these new and improved rights, the most significant change is for the employer, with an emphasis on transparency and accountability: the two fundamental concepts of the GDPR. From the moment the law comes into force, i.e. on May 25, employers will have to be able to demonstrate their conformity with the GDPR. Otherwise they will be subject to fines for non-compliance, or they may even find themselves having to answer claims for compensation from employees.
For the person in charge of working on the GDPR project in the company (a designated data protection officer, HR professional, internal legal adviser, or other identified person), the first recommended step is to conduct an audit to identify gaps between what currently exists in the organization and data protection responsibilities expected to be in place as of May 25.
Steps for the implementation of the GDPR
Recommended steps for employers – answer the following questions:
- What current employee data is retained and stored by the organization?
- Why does the organization store this data?
- What are the existing procedures and processes regarding employees’ data?
- How did the organization obtain data from these employees?
- For how long does the organization keep this data?
- How secure is employees’ data in terms of encryption and accessibility?
- Does the organization share this data with third parties? If so, why?
- Is this data shared outside the European Union?
If these issues have not yet been addressed in your organization, we recommend that you do so without further delay. Carry out this exercise for the whole period from an employee’s arrival in the organization until they leave.
For example, employers can examine what type of questions are asked of the candidate during the recruitment process, assess the relevance of these questions, and check whether candidates are informed about the processing of the information collected.
Additionally, the employer must know why such information is being transferred to the successful candidate’s file, and why this information is relevant for the current job.
Finally, the next obvious question is: for how long does the employer intend to keep this data?
Bocasay, an offshore outsourcing company, can assist you in creating, improving or maintaining your information systems to comply with the GDPR. We provide tailored IT solutions that allow you to easily update and store required documents. Our offshore IT development service guarantees a high level of data security. You can choose among our service centers: Vietnam offshore software development center, Madagascar, Mauritius, etc.