It is probably one of the most used acronyms in business for the past couple of years, and the hype is only now beginning to subside as our understanding has increased.
This being said, it’s never too late to take in a bit of a quickfire refresher course – just because it isn’t being mentioned every 5 minutes doesn’t mean it isn’t still important (and governed!).
So, here are a few GDPR reminders to bear in mind:
This is the biggie. You must both make it explicitly clear what data you are collecting and ensure that the user is given the choice to opt out of having their data collected, stored and used. These options must be given separately too, rather than lumped together in one tick box: users must consent (or not!) to each one individually.
GDPR is all about giving individuals the power to access and control what data you hold about them. If someone asks to see this, you have one month to provide the information, and you’re not allowed to charge them for this.
The right to be forgotten
Individuals also need to be given the opportunity to withdraw their consent at any time and must be given the right to be forgotten. What this effectively means is that they must be able to request that their data be deleted at any time.
One of the biggest things around GDPR is that you must have a proven paper trail regarding your data management. This means having a centralized system that monitors how data is collected, stored and used.
Easy enough, right? But it’s worth checking that you’re meeting these criteria, as the fines are pretty hefty if you breach GDPR rules.
You can check out these resources for further information:
Guide to the General Data Protection Regulation - GOV.UK
GDPR Infographic - IT GOVERNANCE
The GDPR impacts on the future of recruitment - THE HR DIRECTOR