Blog
HR Strategy and Culture
Understanding GDPR – a summary

GDPR, or General Data Protection Regulation in its full name, is the regulation in EU law on data protection and privacy. This applies to how we look after our employee data, how long we can store it for, and so many other areas of data protection law. It can be a minefield so her’s the basics.

Data security – why we need GDPR

How much do you really know about what happens to your personal data? Probably not very much and we’re all in the same boat. In 2015 the UK’s Cyber Security Research Institute teamed up with VPN provider F-Secure to find out just how many of us are aware of data protection and privacy policies when we hand over our data.

They set up a free public Wi-Fi hotspot in central London with just a few Ts and Cs to agree to. Amongst these, the “Herod clause” in which 250 unwitting users agreed to give up their first-born child to F-secure, for eternity. Thankfully the clause wasn’t enforced but it did highlight the need for tighter data regulations. We all need them and thankfully they will be coming into force in May this year.

What is GDPR?

GDPR (General Data Protection Regulation) is the name of the game and at citrusHR we feel GDPR is a positive step forward for us all, because it aims to protect us all – which is certainly worth remembering when you’re hammering your way through your GDPR “to do” list (which we know isn’t what you want to be focusing on!)

This year the laws surrounding the personal data held by businesses will be dramatically tightened and penalties for getting it wrong will be uglier (up to 4% of annual turnover). It’s understandable that the change may create uncertainty and you may feel it is yet another headache for you to have to take on. That said, if you already use our HR software system, there’s not much more you need to do at all. CitrusHR was built with small businesses in mind and, as always, we will guide you and make sure you have everything you need to comply with the new law.

I thought GDPR only really applies to bigger businesses…

Not really. It’s true there are certain parts of GDPR that focus on businesses with more than 250 staff but don’t be fooled into thinking that it won’t impact your smaller business. Whether or not you process customer data, every business with any number of staff is the controller of its own employee data. Whilst the new legislation builds on many of the principles used in the current legislation, (so our software already has solid foundations) there will be small changes that every single business will need to make in order to be in the clear.

GDPR – the concepts and how to comply

Accountability is the concept that underpins it all. Ask yourself if you have a clear record of all the personal data you hold? Being accountable means being able to prove that you have taken the necessary steps towards compliance in the ways listed above, both with your employee data and with any customer data that you process. A clear paper trail of all your data should show:

What type of data you hold
Who it concerns
Where it’s stored
How secure it is
How and when you used it
How and when you transferred it
How long you keep it for

There’s no time like the present to start getting your ducks in line. When it comes to employee data, having HR software means that you can generate reports at the click of a button, employee data access requests will be easy as pie to manage and paper trails will happen automatically. Our goal is to ensure that by the end of May, you and your business are GDPR ready in terms of your employee data. It is totally doable and realistic, even if you don’t use HR software yet. We can’t do it for you, but we can help you with most of it. Time is still on your side, but preparation is key. Don’t leave it until the last minute!

If you’re unsure about how the software will work for your business we’re happy to give you a demo of our system and help with any questions about GDPR. Please call us on 0333 014 3888 or email us help@citrushr.com.

The content of this blog is for general information only. Please don’t rely on it as legal or other professional advice as that is not what we intend. You can find more detail on this in our Terms of Website Use.