This programme will build on information employers are already aware of on the basics of GDPR. We will focus on key challenging areas and frequently arising questions businesses face when applying GDPR and the Data Protection Act 2018 to HR information and processes, helping organisations to find practical solutions to understand and manage risk.
HR professionals, in-house lawyers, privacy specialists and other professionals aware of the GDPR basics but seeking answers to the key challenging and frequently arising questions and issues applying GDPR to HR information and processes.
A large volume of often unstructured and sometimes sensitive information, used for multiple purposes, makes data protection compliance for HR personal data challenging.
Although updated contracts, privacy notices and new core privacy policies are important for GDPR compliance, far from being a tick box exercise, GDPR requires a careful consideration of all the HR information used by the organisation and a review of all HR processes to manage the impact and demonstrate privacy requirements have been sufficiently addressed.
Having taken steps to prioritise GDPR preparation, many businesses are struggling for clarity about what comes next.
Businesses in many sectors have found particular challenges around employee monitoring programmes (such as IT, vehicles and drug and alcohol testing); health information; diversity data; criminal record checks and other staff vetting; biometric entry and data retention.
The need to understand employment law obligations and the interplay between employment rights and data protection rights adds complexity in this area. Employees and former employees have often combined their employment and privacy rights (such as subject access) in a tactical way to maximise their protection or bargaining position when issues arise in their employment.
Examples in the media have highlighted how issues impacting the use of disclosure of staff data can have wide ranging ramifications both financially and reputationally.
Further, many organisations are uncertain about what Brexit means for privacy compliance and the transfer of employee data around international organisations.
This programme will look at key areas and questions we know employers are wrestling with regarding the application of GDPR in practice a year on. We will highlight the risks and actions you need to manage and discuss emerging market practice and updated ICO guidance.