GDPR Webinar Roundup: Implementing an appropriate retention of employees’ data
On Wednesday 25th January, SD Worx and DLA Piper hosted the second webinar in our General Data Protection Regulation (GDPR) series focused on implementing an appropriate retention of employees’ data.
On 25th May this year, GDPR takes force and will impact any business that handles the data of EU individuals—regardless the location of the company. With the deadline rapidly approaching, it’s essential that HR and payroll professionals understand exactly how the regulation will impact data rights—and how to prepare before it’s too late.
For the first webinar on 30th November, we explored ‘Dealing with the data rights of your employees’. In the January installment, Gert Beeckmans, Chief Risk & Security Officer at SD Worx, and Laurent De Surgeloose, Lead Lawyer at global law firm DLA Piper, focused on how GDPR will impact data retention in terms of policy changes, including:
- Key changes to the employee retention policy
- Advice on how to develop a GDPR-compliant retention policy
- Staff retention challenges for employers
- Best practice examples of staff data retention
Why should you care about data retention?
In this webinar, Gert and Laurent stress that:
- Storage limitation principle is simple, employers should not retain personal data for longer than the processing period of this data. Not easy to apply in practice, but simple in concept.
- GDPR will make the storage limitation principle stricter in application by adding requirements to abide by.
- GDPR required explicit and transparent retention time constraints, and demands that any processing of data should not be excessive in relation to purpose: the period of processing personal data must be limited to strict minimum.
- If you’re not clear on data retention, you’re at risk of sanction in the case of a data breach.
Summary
This webinar addressed in detail the scope and implementation of HR record retention. Gert and Laurent shared their view on the most effective way to comply with this aspect of GDPR, and offered advice on how to use GDPR to help your customers and deal with the processes required for different areas of complexity.
Next month, we’ll go into more detail around the data register and what you need to do to become GDPR compliant. Don’t forget to join the conversation on Twitter by using #GDPRcountdown.
For more information please visit our GDPR page or, please email WeAreGlobal@sdworx.com.
Related articles
Mandatory protection for whistleblowers – be prepared on time
By December 17, 2021, Belgium will need to have implemented the European Whistleblower Directive. From then on, organisations and companies must have a workable internal reporting channel in place for whistleblowers who expose abuses. Belgium is still lagging behind, but we are already taking steps to move forward.
Getting it Right: Small and Mighty Payroll
There’s a common misconception that payroll offerings are only necessary when your organisation reaches a certain size. However, small companies should not overlook partnering with a payroll provider that fits their needs, especially when they’re looking to expand into new regions.
Why choose a payroll provider with an ISAE 3000 attestation
Outsourcing HR tasks such as payroll implies handing highly valuable company and personnel information over to an external partner. How can you guarantee they handle those data professionally, with integrity and confidentiality, and in compliance with the strict EU General Data Protection Regulation (GDPR)? The answer: ISAE 3000 attestation.