“Trust yourself. You know more than you think you do.” – Dr Benjamin Spock
Talented HR professionals have an innate depth and breadth of skills that make them natural leaders for GDPR compliance. They can use the new General Data Protection Regulations (GDPR) to advance not only their organisation in its GDPR compliance strategy, but also to demonstrate their value to the business.
They handle sensitive data every day
GDPR increases the liability for how employees’ details, payroll information, expenses, medical records and other sensitive details are processed in the HR department. Under the existing Data Protection Act (DPA), HR already has strict rules for data handling and data protection. They can build on these for GDPR compliance.
HR already handles Subject Access Requests
Since 1998, HR teams have been used to handling data access requests. These rules form the basic tenets for the new GDPR, although because of the changes in timeframes and financial costs, they are likely to see an increase in volume of Subject Access Requests.
HR can showcase their expertise in handling data issues and helping with data requests across the business. Requests will not necessarily come straight to HR, so they can help prepare line managers, marketing teams and customer-facing employees.
Risk analysis already underlies their approach
HR teams are well used to drafting, reviewing, revising and documenting company policy and contracts. They are at the forefront of dealing with risks posed by employees and the use of data. This experience and employee behavioural insight can be invaluable in planning and developing strategies that will help the business mitigate risk in alignment with the GDPR.
Supporting the Data Protection Officer (DPO) through best practice
The HR team is in a strong position to support the data protection officer (DPO) by providing a best practice example of how to achieve GDPR compliance to the rest of the business.
HR in a position to build agility and resilience
The nature of the GDPR requires that organisations become more agile and resilient. For example, they’ll need to be able to respond more quickly to data access requests and to demonstrate compliance at every step of any personal data handling process. This will impact internal processes and systems, which HR is used to sharing, communicating and supporting through training, for example. They’re in the position to help clarify these steps, and to identify who is responsible for what and when.
Providing staff training to enhance employees’ skills
Employee training is bread and butter for HR professionals. No organisation will succeed in GDPR compliance if they don’t understand the new data privacy regulations, their new responsibilities and the potential consequences of failure. This requires top down compliance training – from Board level to reception.
To find out how Me Learning’s online GDPR courses can help your people, click here.