What does GDPR mean for employees?
The answer is twofold – employee personal data will be collected and processed by virtue of the employment relationship and, in the course of their job, staff may well be responsible for processing the personal data of clients and customers.
Most companies and their managerial staff will have been getting to grips with updating data protection policies and procedures and cleansing their data bases for some time but, if their employees don’t understand their roles, responsibilities and rights when it comes to GDPR, and haven’t been trained, you could be leaving yourself wide open to the possibility of a data breach. After all, data protection is everyone’s responsibility.
So, what do employees need to know?
Explain your new policies and procedures
Staff must be trained on new data protection procedures to ensure the safety of the personal data you hold on customers, suppliers, partners, contractors, employees etc. For example, ensure they understand the rules for using portable devices like laptops and mobile phones out of the office, in order to keep data secure.
In case of a data breach….
If the worst happens, your employees must know precisely what to do and by when. They should know to whom to report and that there should be no delay in informing this person of the breach. After all, under the Regulation, serious breaches need to be notified to the ICO within 72 hours.
What are the consequences?
This new regulation has teeth. The fines have increased dramatically so you need to emphasise to your staff that there are very real consequences of a data breach under the new Regulation. Whilst the maximum fine is now €20m or 4% of global turnover there are also potentially serious consequences in terms of reputation and consumer trust – arguably equally important as the punitive measures.
How their data is being used
As an employer, you have access to personal data about your employees.
Tell your staff -
- Of any changes to their contract and company handbook
- Why you are processing their personal data
- Who you will be sharing their data with e.g. payroll or pension providers
- Their rights under GDPR, e.g. right to withdraw consent or lodge a complaint
Don’t forget to communicate in plain language. The GDPR can seem complicated but clear communication will assist your employees to understand their personal obligations when dealing with customers, their rights as an employee in your organization and, as a customer in their own personal capacity.