GDPR does apply to company employee data protection, former employees and contractors too!
With GDPR, if a US company has employees or contractors in the EU, employers need to take notice of the ways in which they process employee data protection, the purposes for which they process employee data and the processes and procedures in place for the collecting, transferring, and storing of employee data. In order to tackle these requirements of employee data protection and best protect a business, Natuvion recommends that you schedule a one-day review of your current employee data protection policies and practices.
GDPR brings increased employee rights
Under the GDPR, EU employees or contractors (as data subjects) will have greater rights:
- the right to be informed, employers must provide transparency as to how personal data will be used;
- the right of access;
- the right to rectification of data that is inaccurate or incomplete;
- the right to be forgotten under certain circumstances;
- the right to block or suppress processing of personal data;
- the new right to data portability, this allows employees to obtain and reuse their personal data for their own purposes.
GDPR brings more company accountability and privacy by design regulations
The new accountability principle requires US businesses to demonstrate that they comply with the data protection principles and states explicitly that it is their responsibility to do so.
In your one-day workshop, Natuvion will ensure that you;
- put in place a plan for appropriate measures to ensure and demonstrate that the measures comply (this may include internal employee data protection policies such as staff training, internal audits of processing activities, and reviews of internal HR policies);
- maintain relevant documentation on processing activities. Natuvion will provide templates and guides for using SAP Information Retrieval Solution and Information Lifecycle Management.
- where required, Natuvion will make recommendations on the need to appoint a data protection officer (DPO gdpr);
- implement measures that meet the principles of data protection by design and data protection by default (Natuvion has the world's first GDPR certified anonymization and pseudonymization engine).
- recommend where data protection impact assessments gdpr (PIA) need to be used, Natuvion runs these to help organizations identify the most effective way to comply with their employee data protection obligations particularly in the recruitment and post-employment arenas.
As well as the obligation to provide comprehensive, clear and transparent privacy policies, if the employer has more than 250 employees, it must maintain additional internal records of its processing activities, tools such as SAP IRS can help to reduce these further cost and administrative burdens on employers.