A data protection officer, DPO is the voice of data protection compliance within an organization. The DPO is still expected to be able to help organizations comply with their legal obligations and for GDPR manage the security of personal data.
With GDPR, if a US company has employees or contractors in the EU, employers need to take notice of the ways in which they process employee data protection, the purposes for which they process employee data and the processes and procedures in place for the collecting,
Preparing for the General Data Protection Regulation: A 'Wait and See' approach is going to be pricey for US organizations doing business with the EU.
What do Human Resources departments need to know about Data Protection Policy (GDPR) when using SAP HCM or SAP SuccessFactor systems?
The General Data Protection Regulation (GDPR) will be enforced from 25 May 2018, giving Human Resources (HR) departments just a few months to ensure that they have updated their processes for collecting and processing data about employees, former employees and job candidates.
Three important GDPR articles that HR needs to know now....
The GDPR changes prospect and customer engagement rules.
The conditions for obtaining prospect consent are stricter under GDPR requirements, as the individual must have the right to withdraw consent at any time. There is also a presumption that consent will not be valid unless separate consents are obtained for different processing activities.
- Newsletters | This means you have to be able to prove that the individual agreed to a certain action, like receiving a newsletter for instance. It is not allowed to assume or add a disclaimer, and providing an opt-out option is not enough.
- Marketing and sales activities | Companies will have to review business processes, applications and forms to be compliant with double opt-in rules and email marketing best practices. For example in order to sign up for communications, prospects will have to fill out a form or tick a box and then confirm it was their actions in a further email.
- Audit Trails | Organizations must prove that consent was given in a case when the individual objects to receiving the communication. This means that any data held, must have an audit trail that is time stamped and reports information detailing what the contact opted into and how. It must also be possible to permanently delete data from your CRM systems.
- Purchase marketing lists | The company is responsible for getting the proper consent information, even if a vendor or outsourced partner was responsible for gathering the data.
- Trade Shows | In the corporate world, sales people meet potential customers at a trade show, they exchange business cards, and they add the contacts to the company’s mailing list when they come back to the office. In 2018, this will not be possible anymore. Companies will have to look at new ways of collecting trade show prospect information.