1. Home>
  2. Resources>
  3. Privacy & Security>

GDPR checklist: 4 months to prepare

With the General Data Protection Regulation (GDPR) deadline just four months away, is your organisation prepared? To help get your HR and payroll department ready for when the regulation takes effect on 25th May, we’ve put together a checklist that includes the essential steps to compliance.

This blog will explore getting to grips with employee rights; making an inventory of data; and rethinking data retention.

    1. Get to Grips with Employee Rights

    GDPR requires employers to review the rights of their staff thoroughly. If they fail to understand these rights now, they will not be able to comply with the regulation once it takes force later this year.
    Employers must gain a good understanding of data subject rights under GDPR. To do this, organisations may wish to complete the following:

    •  Create an intranet page on how you manage your workers’ personal data – this should be written in clear language that your employees can understand easily.
    • Refine a method for processing any employee requests. Ensure workers know where they can issue a request, and that you know who in your HR team manages the request, as well as how it will be registered and kept track of – evidence is key when it comes to GDPR.

      2. Make an Inventory

      Under GDPR, you are required to keep an inventory of the personal data you are processing, or “a record of processing activities”.

      • This inventory needs to cover the correct categories of data you hold. These categories include employee performance data, payroll and employee benefits data, recruitment data of candidates that were not withhold, and so on. Each data category needs to be assigned an information owner.
      •  Next, check with a legal or compliance manager if there is a centralised data register. Have the information owners complete the personal data register and keep it updated.

        3. Rethink Data Retention

        Privacy laws already mean that personal data can only be retained for a period that is necessary for the data processing purposes. With GDPR, keeping hold of personal data longer than required has become a liability.
        Putting in place a data retention strategy for HR records can be a complicated process, and therefore needs to be carried out carefully—not forgetting any paper-based records.

        • While looking at your data register, list the reasons you have for retaining your data, including minimum retention periods and liability as an employer. You can check these with your legal department.
        • With these reasons in mind, define the minimum and maximum retention periods for each data category – your legal team can validate these.

        Working with your IT department and partners, implement these requirements.

        By completing our checklist, you can be confident in the knowledge that your HR and payroll department is ready to tackle GDPR head on. It’s essential your business understands the implications of the regulation in detail to ensure compliance and avoid hefty penalties. Just make sure you don’t leave it too late!

        Don’t miss part two next month, covering the final two points on our checklist: ‘Ensuring compliance with your business partners’ and ‘Implementing privacy and security procedures’.
        To read more about GDPR, including our statement, click here. SD Worx aims to give guidance and provide news on this historic legislation from an HR and Payroll stand point which will impact businesses across the globe. For more information please visit our email WeAreGlobal@sdworx.com