Within your organisation, your HR team is crucial in ensuring that you remain compliant with the Data Protection Act 2018 and the GDPR. This is because your HR team is responsible for processing employee data: recruitment and selection records, performance management records, and employees' personal and sensitive personal information.
As the employer, it is your responsibility, through your HR personnel – whether in-house or through a vendor – to develop policies that are compliant with the GDPR and the Data Protection Act 2018. You must also ensure that your workforce thoroughly knows and can confidently implement the terms and conditions of both the GDPR and the Data Protection Act 2018, as well as the policies you develop in response to them. It is important that you seek guidance if you want to build rules that are properly aligned with the data protection regulations in the UK.
HR collects and processes personal data not only from current employees but also from candidates, consultants, contractors, and former employees. The personal data processed includes special category data such as medical records; therefore, it is critical that HR professionals understand their privacy responsibilities and the GDPR in order to process personal data securely and appropriately. Remember, HR professionals are responsible for safeguarding employee data against negligence and security concerns.
HR can and does play a significant role in managing and training staff to have a basic understanding of privacy requirements and in keeping the organisation’s data secure. Employees are best placed to learn their obligations during the onboarding process, but for this to happen, HR staff must properly understand the relevance of the GDPR. This is particularly challenging for smaller organisations that may lack a staffed HR function of any kind.