How to start preparing for the General Data Protection Regulation (GDPR)
- Understand that the EU General Data Protection Regulation (2016/679 EU) (GDPR) will significantly change data protection law in the UK when it comes into force on 25 May 2018.
- Be aware of a new approach to data protection design under the GDPR, requiring organisations to embed privacy considerations in operational and strategic HR.
- Be aware of changes to obtaining consent to process employee data and a greater focus on the legal basis for processing data under the GDPR.
- Understand that there will be increased obligations under the GDPR to provide information to employees and job applicants about the processing of their personal data.
- Be aware of new record-keeping obligations for employers to demonstrate compliance with the GDPR requirements.
- Ensure that the organisation's board and senior management understand the potential exposure to fines and other sanctions under the GDPR, and obtain buy-in for GDPR compliance at a senior level across the organisation.
- Establish a GDPR compliance team with the necessary skills and experience to develop, implement and coordinate a compliance plan.
- Audit existing data processing activities across the organisation's employment lifecycle to identify high-risk areas.
- Develop a timeline to implement a GDPR compliance programme.