Is Your HR Function Ready for GDPR?

Is Your HR Function Ready for GDPR?

The EU’s upcoming General Data Protection Regulation (GDPR), which is scheduled to come into force on May 25, expands the reach of existing privacy regulations, applying not just to European organizations but to all companies processing the personal data of EU residents, no matter where the company is located. It also requires organizations to request users’ consent for data collection and grants EU citizens a number of new rights, including the right to access data collected about them and the “right to be forgotten,” or to have that data erased. Organizations caught violating the regulation risk fines of as much as 4 percent of their annual global turnover or 20 million euros.

The GDPR has sent many companies scrambling to establish new data privacy functions and hire data protection officers to manage what they expect to be a hefty compliance challenge. For any organization that does business in Europe, GDPR compliance will involve ensuring that employee data is managed correctly, meaning the HR function has a large part to play. Talent Economy’s Sarah Fister Gale gives a primer on what the impending regulation means for HR:

The main job for HR on these projects is to make sure EU employees and recruits are given notice describing what personal data the company is collecting, how it is being used and how it will be shared and kept. [Neal Dittersdorf, general counsel and privacy officer for iCIMS,] noted that many companies already provide data notifications to these workers, however HR needs to be certain the language and timing of these notifications is updated to reflect GDPR requirements. …

As part of these compliance projects, companies will need to be able to demonstrate how data is tracked and managed, and how employees are notified about data use. That means they have to maintain records of all data processing activities that can be produced on demand, [Christine Lyon, partner at Morrison and Foerster,] noted.

Our research at CEB, now Gartner, shows that while GDPR compliance may not be led by HR, 76 percent of HR teams are expected to participate in GDPR efforts. HR collects and manages so much data that these new regulations will drastically change how HR protects and deletes data accordingly.

The latest issue of Talent Analytics Quarterly (which CEB Corporate Leadership Council members can read here) delves further into this regulation’s implications for HR. Members can also review the webinar we held earlier this month to help HR professionals create action plans for GDPR compliance.