In less than 10 months, the EU General Data Protection Regulation (GDPR) will enter into force and, yes, you are part of the journey to compliance.
Why? Because you have access to a wide range of personal data, and the GDPR places greater obligations on employers to inform employees how their data will be processed and for what purposes. Also, such information must be (i) “concise, easily accessible and easy to understand” and (ii) provided “in writing or by other means, including, where appropriate, by electronic means”.
What information must be supplied? A longer and more detailed list than the current legislation requires: (i) not only “facts and figures”, such as the (categories of) recipients, the retention periods and the contact details of the data protection officer (if any), but also (ii) the employees’ rights, such as their right to access and their “right to be forgotten”.
So, have you started looking at your privacy notices (employment contracts, work rules,…)?
That being said, it’s not just about policies; preparing for the GDPR requires more than that, such as the implementation of appropriate technical and organizational measures as well as a thorough understanding of the data flows.
The GDPR can be found on: