GDPR Data Register: Have you mastered it correctly?

In our webinar, titled ‘GDPR: Completing the Data Register’, hosted by Gert Beeckmans, Chief Risk & Security Officer at SD Worx, and Laurent De Surgeloose, Lead Lawyer at global law firm DLA Piper, we dealt with the importance of data registers and what HR and payroll professionals need to know. 

Some of the topics covered are: 

• what should be logged in data register?
• establishing a register
• and maintaining data register

You can watch the full webinar below. 

You can find the complete presentation and other GDPR related webinar here. 

To have a better view of how to handle data, we had an interview with the science giant DuPont to get hold of key practices that we could adhere to.

Data security has always been of utmost priority to the giant organisation DuPont and this dates to its foundation since 1802. To keep us abreast on the subject, here’s our conversation with  Edith Hamelryckx, HR Manager Integrated Operations & Industrial Relations Leader EMEA at DuPont de Nemours. She confides that “GDPR didn’t came as a shock to the organisation. It’s natural behaviour.”
Keeping in mind their expertise, here are some handling practices shared by DuPont:

DuPont relates to it with four core values: health and safety, environmental stewardship, respect for people and highest ethical behaviour. Data security fits in perfectly with the last one mentioned. It is all about the company and its people setting the pace with a behavioural concordance that goes hand in hand with their business affairs, taking into consideration the ethical standards while being compliant with all the applicable laws.

Providing an up-to-date training to the employees on a yearly basis is of great importance. This implies reiterating the data protection policies to them and making sure that they understand the ethical behaviours, values, and approaches that the organisation.

Reinforcing the communication regularly with the employees is a good way to keep track of data security in an organisation. For instance, emails regarding data recordings are sent on a frequently basis, confides Hamelryckx.

Whenever there is a new process involving personal data being defined or any existing process where personal data is being changed, there should be consultation with third-party vendors. For instance, where are they storing the data and is the transaction secure? Be aware of Bring Your Own Device policies as well. You should be very careful if you are letting people use their devices on your network. Instead, DuPont make it a must to provide devices to their employees who are working remotely or travelling on a regular basis.

At DuPont, IT, HR and legal do have a monthly meeting to discuss about the issues pertaining to data processes. Having a great collaboration among different team members of the organisation help to have a better view of GDPR.

With the impact of Covid-19, many organisations’ priorities have been diverted to consider working from home as a main business operation. Therefore, the need to protect the data register has urged companies to have a GDPR-compliant data register.