Guidance for Employers on the General Data Protection Regulation coming into force in May

17-Jan-2018
With four months to go until the new General Data Protection Regulation (GDPR) comes into force, Jo Stubbs, Head of Content at XpertHR, offers guidance on ten things employers need to know to ensure they are compliant.

The way that organisations manage personal data will change when the General Data Protection Regulation comes into force on 25 May 2018. This new legislation will introduce changes to how data is processed across the EU and will mean employers need to rethink how personal data is collected, used and kept.

However, according to research by Veritas Technology, many companies are unprepared for this deadline. The research suggests almost half (47 per cent) of companies are concerned they won’t meet the requirements of the legislation and 86 per cent are concerned that the GDPR could have a major negative impact on their business if they fail to comply.

Other research with business leaders across Europe, from accounting and consulting firm RSM, found that more than a quarter (28 per cent) are completely unaware of the regulation they will have to adhere to.

GDPR means employers are likely to have to find an alternative to consent to process personal data and the regulators will be able to impose significantly higher fines than under existing provisions - up to €20 million or 4% of an organisation's annual worldwide turnover, whichever is greater.

With the deadline imminent, it is crucial employers take a realistic, risk-based approach to compliance and focus on the most important and riskiest areas first. Here are ten things employers need to know about GDPR:

GDPR affects small employers too - The GDPR will apply to organisations of all sizes, but not all organisations will be treated the same. Those that are not processing large amounts of data and are not involved in high risk processing won’t be expected to commit as many resources to GDPR compliance.

Employees have the right of access to data - The Data Protection Act 1998 already gives employees the right to make a subject access request in relation to their personal data, but under the GDPR these rights will be extended.

Organisations need good reason to process personal data - The GDPR specifies the conditions under which it is OK to process data and organisations need to be sure that at least one applies. While having “consent” is one, the employer/employee relationship means it could be tricky to prove that consent has been freely given, so it is advisable to have at least one other.

The GDPR will impact on the recruitment process - The GDPR will bring new protections for potential employees and, with it, new responsibilities for recruiters. For example, employers will need to formalise the reasons why data is processed and the period for which it will be retained, and provide this information to applicants.

Individuals have the right to be forgotten - The GDPR sets down the rights of individuals to ask that their personal data be erased.

Criminal records checks - Under the GDPR, employers would be allowed to carry out criminal records checks on prospective employees only if this is specifically authorised by law, for example where a Disclosure and Barring Service check is required for a role involving work with vulnerable adults or children. However, this is an area where the GDPR allows governments to set their own rules to some extent – and, under the proposed new UK data protection law, employers will be able to carry out criminal records checks in more circumstances, so this is an area to watch for developments.

Organisations may need to appoint a data protection officer - Where an organisation is a public body, its core activities involve large-scale data processing requiring regular monitoring of individuals, or it carries out large-scale processing of sensitive personal data or data relating to criminal convictions, it will need to appoint a data protection officer.

Data transfer outside the EEA will be controlled - If an organisation transfers personal data outside the European Economic Area (EEA), it will need to ensure that adequate protection is provided.

Organisations will need to provide an “information notice” - A key requirement of the GDPR is that employees are informed about the processing of personal data and this must be formalised in an information notice (aka a “privacy” or “fair processing” notice). The information provided needs to be significantly more detailed than that provided under the Data Protection Act 1998.

Non-compliance could be very, very costly - Compliance with the GDPR is not something to be taken lightly, with fines as high as €20 million or 4% of the organisation’s global turnover – whichever is greater – for breaches.

The 2017 Veritas GDPR report calls the EU regulation “some of the most stringent data privacy regulations the world has ever seen”. With the deadline just around the corner, employers can’t afford to wait any longer to prepare.
