You’ve probably heard of the new EU General Data Protection Regulation (GDPR), set to come into force next year, but do you know how it will impact your day-to-day job? If the answer is “no”, this blog is a must read, as the implications of not following the new legislation could include hefty fines.
What is the EU GDPR?
Simply put, it is a set of new data protection obligations all organisations within the EU must adhere to, and which are designed to give individuals greater rights over how their personal data is used. It will also apply to businesses that fall outside of the EU but provide goods and services to individuals from EU Member States.
GDPR introduces changes around two key areas:
- The rights individuals have over how their personal data is processed
- The procedures businesses will have to follow around security and data processing.
Clients and candidates will have greater say in who holds their data and how it is used, and failure to meet obligations could incur a fine or other penalties – potentially damaging your finances and reputation.
When will GDPR officially take effect?
Good question: not until 25 May 2018, which means you have a good amount of time to prepare for the changes and develop robust data protection procedures both individually and as an organisation. Brexit won’t make a difference, as the government has already said it intends to implement the GDPR regardless, through a new data protection act.
What are the major changes for you?
With the introduction of greater individual rights over data, there are four key things you need to be aware of when it comes to processing candidate and client data. When GDPR launches, individuals gain additional rights including:
- To be notified of a data breach
- To be informed of how their data will be used
- To transfer their personal data to another provider
- To be “forgotten” and for their data to be deleted.
What happens if I breach GDPR regulations?
You could be required to pay a hefty fine or face other penalties. Fines are set in two tiers, detailed below, and are at the discretion of the supervisory authorities, such as the Information Commissioner’s Office (ICO) in the UK.
- An administrative fine of up to €10,000,000 or 2% of global turnover, whichever is higher
- An administrative fine of up to €20,000,000 or 4% of global turnover, whichever is higher.
Your GDPR to do list
While a lot of changes will happen at a company-wide administration level, there’s nothing to stop you becoming more data protection aware in your day-to-day work. Taking steps to improve data protection and your awareness of key issues now will save you a lot of stress early next year. So:
- Attend one of the REC’s expert-led GDPR seminars
- If you’re holding onto ancient candidate details, it’s probably time to audit your database
- Get clued up on all of the facts by reading the GDPR update in the IRP Legal Guide
- Read detailed GDPR information on the ICO website.