GDPR Data Register: Have you mastered it correctly?

5 February 2021 - Reading time: 7 Minutes

GDPR

GDPR has been a burning subject in the past three years now. It was enforceable in 2018 across European countries and things have evolved since then. In fact, since its implementation date until January 2020, some 160,921 personal data breaches with EEA have been reported (DLA Piper: GDPR Data breach Survey 2020). In this article, we’ll go about how to complete the data register followed by a data handling case by science giant Dupont.

Data register (also known as data inventory, personal data mapping, processing register, software register and data index) is maintained by the company’s data processor and controller. It should include categories of data subject and description of organisational processes.

The main idea of data register is to highlight the purpose of why and how a company is processing personal data.

In our webinar, titled ‘GDPR: Completing the Data Register’, hosted by Gert Beeckmans, Chief Risk & Security Officer at SD Worx, and Laurent De Surgeloose, Lead Lawyer at global law firm DLA Piper, we dealt with the importance of data registers and what HR and payroll professionals need to know. 

Some of the topics covered are: 

  • what should be logged in data register?
  • establishing a register
  • and maintaining data register

You can watch the full webinar below. 

 

You can find the complete presentation and other GDPR related webinar here. 

Handling data: best practices

To have a better view of how to handle data, we had an interview with the science giant DuPont to get hold of key practices that we could adhere to.

Data security has always been of utmost priority to the giant organisation DuPont and this dates to its foundation since 1802. To keep us abreast on the subject, here’s our conversation with  Edith Hamelryckx, HR Manager Integrated Operations & Industrial Relations Leader EMEA at DuPont de Nemours. She confides that “GDPR didn’t came as a shock to the organisation. It’s natural behaviour.”
Keeping in mind their expertise, here are some handling practices shared by DuPont:

1. Integrate it with your values

DuPont relates to it with four core values: health and safety, environmental stewardship, respect for people and highest ethical behaviour. Data security fits in perfectly with the last one mentioned. It is all about the company and its people setting the pace with a behavioural concordance that goes hand in hand with their business affairs, taking into consideration the ethical standards while being compliant with all the applicable laws.

2. Keep track on data training

Providing an up-to-date training to the employees on a yearly basis is of great importance. This implies reiterating the data protection policies to them and making sure that they understand the ethical behaviours, values, and approaches that the organisation has put in place

3. Being communicative

Reinforcing the communication regularly with the employees is a good way to keep track of data security in an organisation. For instance, emails regarding data recordings are sent on a frequently basis, confides Hamelryckx.

4. Responsive with third party vendors

Whenever there is a new process involving personal data being defined or any existing process where personal data is being changed, there should be consultation with third-party vendors. For instance, where are they storing the data and is the transaction secure? Be aware of Bring Your Own Device policies as well. You should be very careful if you are letting people use their devices on your network. Instead, DuPont make it a must to provide devices to their employees who are working remotely or travelling on a regular basis.

5. Collaboration

At DuPont, IT, HR and legal do have a monthly meeting to discuss about the issues pertaining to data processes. Having a great collaboration among different team members of the organisation help to have a better view of GDPR.

With the impact of Covid-19, many organisations’ priorities have been diverted to consider working from home as a main business operation. Therefore, the need to protect the data register has urged companies to have a GDPR-compliant data register. 

 

Need a GDPR peace of mind?

SD Worx aims at providing support and keeping their partners up to date from an HR and Payroll perspective as GDPR and the Covid-19 pandemic have an impact on businesses across the globe. We try at our best to spark success in every move we make. For a full peace of mind on GDPR and your full multicountry payroll process, contact us here

 

Related articles

refresh More articles