We recently published a guide explaining four things HR will be responsible for after GDPR. But if you’re looking more for a general starting point with GDPR, then I thought I’d take you through a few steps you should take between now and May 2018.
Here are six things you can do to prepare for GDPR. Don’t procrastinate – the sooner you start, the easier it will be.
1. Familiarise yourself with GDPR provisions.
Get to know the new legislation, and begin to absorb what this means for you. Ask yourself questions like “how does this differ from my current data protection obligations?” For example, GDPR contains a lot of very similar rules to the UK’s Data Protection Act (DPA) – but there are also many rules that are very different.
2. Create an up-to-date inventory of personal data that you handle
If you work in HR, you’ll most likely be controlling sensitive employee information. This makes you the “data controller”. If you use a cloud-based HR system such as People HR, the provider will be the “data processor”. Using a digital HR system can help you identify and classify the data you control, without needing to sift through spreadsheets and paper files.
3. Review your controls and policies
You should already have controls and policies in place that dictate the way you manage data. So review them, and compare them to the new GDPR legislation. You may find that you already meet many of the standards required. You should also build a plan for how you will meet the standards you are not currently complying with.
4. Monitor GDPR news and updates
While it’s highly unlikely that the actual GDPR itself will undergo any changes, guidance on how to interpret and comply with the legislation is updated often. Keep your finger on the pulse, and aim to always be learning.
5. Consult a legal expert
The implications of GDPR may be slightly different from business to business, depending on the kind of data you’re processing, and what you’re using it for. Consulting a lawyer or GDPR expert on how to make specific changes within your organisation will help you ensure you are fully compliant in time for the launch of GDPR in May 2018.
How we’re helping our customers prepare for GDPR
We’ve put together a page on our website, dedicated to outlining how we are supporting our customers with GDPR, and how they can do more to support themselves. For more GDPR information and advice, visit our dedicated GDPR page here.