GDPR One Year Later. How is it Working?
The impact on HR
August 14, 2019 – The EU’s General Data Protection Regulation went into effect on May 25, 2018. How it is working, more than one year after the GDPR [AVG – Algemene Verordening Gegevensbescherming] was introduced in the Netherlands and what is the impact on HR?
Prior to the GDPR, the EU’s 1995 Data Protection Directive allowed member nations to have their own breach-notification laws. Some countries had mandated breach notification, but their approaches differed. While the first year of the implementation of the GDPR should be considered a transition year, it is shown that many European countries and organisations are still in the transition phase. Making adjustments in enormous amounts of personal data and systems is a time-consuming process.
There have been massive increase in reports of data breaches since the implementation but, there has not been any fines handed out for non-compliance to companies for mishandling personal data.
While the implementation in the Netherlands was subject to negativity at the start, due to more regulations and the huge fines, the shift in mindset on handling of personal data is positive. It has lead to more awareness of HR departments on continuously and validating how to collect and store data. As a result, many companies have appointed a GDPR specialist to monitor compliance accordingly.
Impact on HR
The compliance is the company’s responsibility, therefore it is essential to still educate employees and raise awareness. The policies and procedures to data privacy are important as well as training to ensure employees understand their rights and obligations when handling the company’s data.
The impact on recruitment is also important to make sure the company is asking only for necessary information in recruitment processes and in benefit forms.
Furthermore, HR should have a document in place on the retention periods for data in employee files. For offer letters and resumes of candidates not hired, a retention period of no later than 4 weeks is applicable after the recruitment processes ended. Make sure you delete the file after that period!
In case you want to know more about the data in the employee file, please download the checklist. What to include in Employee File and how long to keep the record.
While HR departments still record employee’s personal data with globalised HR systems, the impact on HR will remain to continue to think about the reasons for data storage in each of the HR processes and take into account the rights of employees.