BUSINESS ADVICE
by Ian Sharpe , Branch Director , for Jelf in Swindon
How GDPR will affect your business as an employer
The General Data Protection Regulation ( GDPR ) came into force on May 25 2018 . But do you know how the changes in data protection law will affect your business ? Our employment specialists have identified some of the key changes which we think you need to consider in order to comply .
|
Who does GDPR apply to ? GDPR applies to all companies within the EU that process and hold the personal data of employees or candidates residing in the EU . However , it also applies to organisations located outside of the EU if they offer goods or services to , or monitor the behaviour of , EU data subjects ( namely employees and job applicants ).
Key changes GDPR has introduced
1 . It is now much harder to rely on consent as a legal basis for processing personal data . Personal data is any information from which an individual can be identified from . This includes a name , identification number or online identifier . For consent to be valid , it must be freely given . 2 . Employers have one month to respond to Subject Access Requests , starting from the date of receipt , rather than the current
|
40 calendar day . These are often used by employees who wish to see a copy of the information their employer holds about them .
What does your business to do ?
A good place to start is to carry out an audit to identify what personal data you hold about employees and candidates , and where it came from . How and why personal data is processed should be clearly identified . This is to determine whether there ’ s a lawful basis for processing employees ’ personal data .
You also need to have appropriate documentation , including :
• Privacy notice . This informs employees on how and why their personal data will be used in the context of an employment relationship .
|
• Data protection policy . This is recommended to set out a company ’ s commitment to handling data under GDPR and data protection law and should normally be included in the employee handbook .
• Data retention policy . While GDPR doesn ’ t set out specific periods for retaining records relating to employment , it requires that data must not be kept for longer than necessary .
• Breach policy / procedure . This is important to help ensure compliance with the breach reporting requirements . Where there ’ s been a data breach which is likely to “ result in a risk for the rights and freedoms of individuals ”. You ’ ll have to notify and provide certain information to the data protection authority within 72 hours . The individuals whose data has been breached will also have to be notified .
|
• Consent form . On the rare occasion where a legal basis for data processing cannot be relied on , it will be necessary to have a separate consent form . It ’ s important this is worded clearly and relates to the specific data processing .
For more info : www . jelf . com
ian . sharpe @ jelf . com 01793 714431
|
Meet Paul Holmes by Paul Holmes , PCH Business Support
Do a “ Meet Paul ” article I was told . “ Get an engineer to talk about themselves – definitely not my comfort zone ,” that ’ s what I was thinking .
I ’ ve often been described as a ‘ fluffy engineer ’ because , apparently , I can actually talk to people . In fact , relationships have been at the heart of everything I have done throughout my career .
I ’ m Paul Holmes and I ’ m a Yorkshireman who dared to leave Yorkshire and head south to learn about electronics , mechanical engineering and manufacturing , working for large manufacturing corporates for much of the last 25 years .
This experience has given me a strong grounding in business practices , systems and project management . It has allowed me to become involved in - and to lead - projects around cutting-edge innovation , engineering and science . I ’ ve helped build factories , production facilities , run large scale funded programmes and have even been instrumental in setting up a school . Recently I set up PCH Business Support to take all of that experience to help others . My career has taught me every business is different , every business owner has different goals and aspirations . Some are realistic and some are not . All will involve investment in time , money and passion .
By setting up my own business – and accessing trusted associates when needed – my desire now is to work with ambitious and passionate business owners who want to work in a practical way to find solutions and fix problems .
What have I done professionally to deserve that kind of trust ? The answer is quite a lot . I was involved with the building and setting up Johnson Matthey Fuel Cells ( JMFC ) and then worked there for over 14 years as a manufacturing and project engineer , programme manager and most recently the automation and mechanical engineering manager .
On behalf of JMFC I became a director of UTC Swindon and was involved in the funding application , design , construction and setup and am still the Vice Chair of Governors – winning the JMFC Global sustainability award .
I was also the Director of Investment at Forward Swindon working with businesses , organisations and leading the Inward Investment service for the Department for International Trade ( DIT ). Throughout there have been countless community and charity involvements and I ’ m also currently Chairman of Devizes Round Table .
For a no-obligation conversation feel free to call on 07715 008521 or email paul @ pchbusinesssupport . co . uk or visit www . pchbusinesssupport . co . uk
32 THE BUSINESS EXCHANGE 2018