By now you should have, hopefully, heard that changes are afoot to Data Protection law, due to come into force on the 25th May 2018. These changes are long overdue and reflect the significant developments we have seen over recent years in the way we communicate and share information.
Have you, however, given thought as to how these changes will impact on you as an employer or simply assumed it will be business as usual without giving any real consideration to the same?
The GDPR will bring with it enhanced requirements on businesses and if you have not already done so you should be undertaking, as a matter of urgency, a review of your current processes to ensure they will be compliant come 25th May 2018.
In particular you need to not only ensure that the data you hold and what you do with it complies with the GDPR come May, you also need to ensure you are complying with your obligations to provide certain minimum information to your employees regarding the retaining and use of their personal data, as well as their rights in respect of that data.
If you have either 250 or more employees or handle certain types of sensitive personal data (being renamed special categories of personal data) you may also be required to have certain policies and record keeping processes in place.