On 25th May 2018 the new EU regulations for General Data Protection Regulation – GDPR - will come into force.
However, many business leaders, when asked by leading business advice website, BuisnessAdvice.co.uk, are extremely concerned that businesses; SMEs especially, are not fully aware of GDPR and the impact it will have on their business.
Here at Calverton Finance we are aware that GDPR will affect many of our customers, particularly those in the recruitment industry. We have already brought you news of the impact it will have, however, in light of these revelations and the lack of awareness that GDPR will have on SMEs, we thought it prudent to reiterate the impact of GDPR for you and your recruitment business.
1. Why GDPR?
GDPR will bring the UK into line with the rest of Europe by focusing on the accountability of organisations that hold personal data on others.
2. Worried About GDPR – ‘Starting From Scratch’
As a business, you will likely be complying with the Data Protection Act – DPA – already, and therefore, as a result, you shouldn’t find the new GDPR rulings to onerous. Things should slot into place fairly easily. Mostly it is about keeping GDPR vigilant at all times - keeping your business, your staff and your systems up to date and compliant. It’s never too early – you should be getting yourself and your team GDPR ready NOW!
3. ICO Privacy Impact Assessment
Your business must also be aware, follow and include the Information Commissioner’s Office (ICO) Privacy Impact Assessment, as well as include the Article 29 Working Party within your operations.
4. Immediate Data Review
It is vital that you review your data now. Look at how your have come about the details you have on your temps and contractors – you need to look at where it is stored, how it is used, this needs to include website registrations, spreadsheets, databases, 3rd parties, time sheets and billing information for both internal and external organisations.
GDPR requires that your data has been consented to – your workers and contractors have expressly given their consent for you to use their information – opt out tick boxes will not suffice.
Data/personal information must also be stored securely. GDPR wants proof (should you be investigated) that your policies and procedures are effective and compliant.
5. Worker and Contractor Consent
In the first instance, all of your temps and contractors must expressly give their consent for you, and your 3rd parties, to use their personal information. You must also be clear in how you use, store and delete this data. Be as transparent as you can be – transparency is a key feature in GDPR’s rulings over data usage.
This is applicable for all new and existing workers and contractors.
6. Data Breaches
Any breaches in data could result in your temps and contractors falling victim to identity theft. You are required to have the correct procedures in place to enable you to detect how the breach has occurred and where from. Under new GDPR regulations you must immediately inform of the ICO of any breach.
7. Non-GDPR Compliant Fines
As we say, start your GDPR education and training NOW! Failure to do so could result in a seriously hefty fine. The EU is to fine as much as 4% of global income or million, whichever sum is greater for any failure of compliance.
8. Appoint A GDPR Controller
It’s wise to appoint one person as your dedicated GDPR controller. This does not negate the need to ensure all your team are aware of the seriousness of GDPR yet this one person should be the ‘expert’, managing all updates and central filing systems and reference points.