BUSINESS ADVICE
by Ian Sharpe, Branch Director, for Jelf in Swindon
How GDPR will affect your business as an employer
The General Data Protection Regulation( GDPR) came into force on May 25 2018. But do you know how the changes in data protection law will affect your business? Our employment specialists have identified some of the key changes which we think you need to consider in order to comply.
|
Who does GDPR apply to? GDPR applies to all companies within the EU that process and hold the personal data of employees or candidates residing in the EU. However, it also applies to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects( namely employees and job applicants).
Key changes GDPR has introduced
1. It is now much harder to rely on consent as a legal basis for processing personal data. Personal data is any information from which an individual can be identified from. This includes a name, identification number or online identifier. For consent to be valid, it must be freely given. 2. Employers have one month to respond to Subject Access Requests, starting from the date of receipt, rather than the current
|
40 calendar day. These are often used by employees who wish to see a copy of the information their employer holds about them.
What does your business to do?
A good place to start is to carry out an audit to identify what personal data you hold about employees and candidates, and where it came from. How and why personal data is processed should be clearly identified. This is to determine whether there’ s a lawful basis for processing employees’ personal data.
You also need to have appropriate documentation, including:
• Privacy notice. This informs employees on how and why their personal data will be used in the context of an employment relationship.
|
• Data protection policy. This is recommended to set out a company’ s commitment to handling data under GDPR and data protection law and should normally be included in the employee handbook.
• Data retention policy. While GDPR doesn’ t set out specific periods for retaining records relating to employment, it requires that data must not be kept for longer than necessary.
• Breach policy / procedure. This is important to help ensure compliance with the breach reporting requirements. Where there’ s been a data breach which is likely to“ result in a risk for the rights and freedoms of individuals”. You’ ll have to notify and provide certain information to the data protection authority within 72 hours. The individuals whose data has been breached will also have to be notified.
|
• Consent form. On the rare occasion where a legal basis for data processing cannot be relied on, it will be necessary to have a separate consent form. It’ s important this is worded clearly and relates to the specific data processing.
For more info: www. jelf. com
ian. sharpe @ jelf. com 01793 714431
|
Meet Paul Holmes by Paul Holmes, PCH Business Support
Do a“ Meet Paul” article I was told.“ Get an engineer to talk about themselves – definitely not my comfort zone,” that’ s what I was thinking.
I’ ve often been described as a‘ fluffy engineer’ because, apparently, I can actually talk to people. In fact, relationships have been at the heart of everything I have done throughout my career.
I’ m Paul Holmes and I’ m a Yorkshireman who dared to leave Yorkshire and head south to learn about electronics, mechanical engineering and manufacturing, working for large manufacturing corporates for much of the last 25 years.
This experience has given me a strong grounding in business practices, systems and project management. It has allowed me to become involved in- and to lead- projects around cutting-edge innovation, engineering and science. I’ ve helped build factories, production facilities, run large scale funded programmes and have even been instrumental in setting up a school. Recently I set up PCH Business Support to take all of that experience to help others. My career has taught me every business is different, every business owner has different goals and aspirations. Some are realistic and some are not. All will involve investment in time, money and passion.
By setting up my own business – and accessing trusted associates when needed – my desire now is to work with ambitious and passionate business owners who want to work in a practical way to find solutions and fix problems.
What have I done professionally to deserve that kind of trust? The answer is quite a lot. I was involved with the building and setting up Johnson Matthey Fuel Cells( JMFC) and then worked there for over 14 years as a manufacturing and project engineer, programme manager and most recently the automation and mechanical engineering manager.
On behalf of JMFC I became a director of UTC Swindon and was involved in the funding application, design, construction and setup and am still the Vice Chair of Governors – winning the JMFC Global sustainability award.
I was also the Director of Investment at Forward Swindon working with businesses, organisations and leading the Inward Investment service for the Department for International Trade( DIT). Throughout there have been countless community and charity involvements and I’ m also currently Chairman of Devizes Round Table.
For a no-obligation conversation feel free to call on 07715 008521 or email paul @ pchbusinesssupport. co. uk or visit www. pchbusinesssupport. co. uk
32 THE BUSINESS EXCHANGE 2018