GDPR two years on – how compliant are you?

It’s been nearly two years since the changes to data protection came into effect with GDPR. As an HR consultancy, we are continuously supporting our clients with data protection and ensuring that they are as compliant as they can be.

Our clients vary in terms of shapes and sizes and operate across sectors, we are mindful that GDPR affects our clients in different ways.

Indeed, as HR professionals, we deal with confidential and sensitive information on a daily basis and must always be on top of GDPR and never become complacent.

From an internal point of view, it is important to have all the relevant policies and procedures in place. However, once you have these, it is even more important to ensure that you are following them and this can be evidenced. This was highlighted by a recent case investigated by the ICO, whereby an Organisation had all the policies in place but in practice, were not following these.

The practicalities of complying with the GDPR

It is so important to know how compliant you are and understand the legal basis for processing, data auditing and privacy notices / policies, and who is ultimately responsible for this.

To help with compliance, I have listed some essential steps below:

1. Ensure all your staff attend and carry out mandatory training. We appreciate this is not always practical and we have therefore developed an interactive and engaging E-Learning module which can be accessed remotely, please see link to demo below. https://www.gravitatehr.co.uk/gravitate-hr-gdpr-toolkit-for-small-businesses/
2. Ensure your policies and procedures, privacy notices are kept up-to-date and reiterated to staff on a regular basis.
3. Ensure staff contact details are up-to-date and checked on any personal correspondence.
4. Carry out data audits on an annual basis to ensure that you are fully aware of your processing activities and the legal basis for doing so.

If you would like to find out more about our E-Learning module or how we can support you with your GDPR compliance, please feel free to contact us.