Keep employee data secure
GDPR should be a spur to carrying out a thorough look at how security is managed in your HR function. Therefore, look to start ensuring privacy by design. This means that any action you undertake in processing employee data must be carried out with data protection and privacy at the forefront of every step in the process.
Cyberattacks are also on the increase, so it is imperative you shore up security across the board using best-in-class security tools, password protection, anti-virus software and other data protection capabilities. Indeed, Wannacry and similar ransom attacks and malware events should have convinced you it is time to transition off legacy HR systems that could leave you open to risk of blackmail or even shutdown.
Run a system-wide audit as part of your GDPR initiatives to see exactly what hardware and software you are running and what needs replacing to mitigate against this peril. Be aware that the older the technology, the less likely it is able to deal with new emergent threats out there.
Dispose of data serving no purpose
Storing data for data’s sake is inefficient, pointless and expensive. It’s been estimated that no less than 120 separate processes can touch an employee across the lifecycle of a typical employment and the sheer volume of data generated has expanded dramatically, as the requirements of health and safety, employment law and regulatory compliance have created vast amounts of documentation that must be stored and kept up to date.
So avoid data hoarding! It lowers productivity and could also pose a threat to the ‘right to be forgotten’ clause in GDPR.
Instead, use HR policies and procedures to cleanse data to make sure you are only holding required personal data. This is also an ideal way to ensure archival and retrieval procedures are in place to ensure compliancy at this level.
Adding value, not chasing paper
Believe it or not, GDPR is actually a positive, as it is driving us all toward a data-driven way of working, as it creates a central information management resource from which to carry out more advanced workflow and employee lifecycle management.
Plus, the workflow elements of a digital strategy can go far beyond the traditional HR set of core processes and supporting documentation – through recruitment but also in the retention and Business As Usual phase of employment, as it can help to bring all of these individual areas onto a single central digital platform.
So instead of fearing GDPR, turn it into competitive advantage, a catalyst for positive data change, and unlock its business potential. It gives you a real opportunity to make organisational information accessible, secure and up to date, which is a struggle all too familiar for most HR professionals – and get ahead of the competition and win staff trust.
At the same time, paper-lite/digital HR means your job becomes more about adding value than chasing paper while you can be reassured your organisation is always protected against any employee dispute, GDPR and any other data protection legalities.