GDPR is a legal requirement for all businesses. It means that both the business and the employees within the business must understand and be fully trained of their involvement with data and how its handled within their role.
See below the documents, processes and training, which should incorporate the relevant GPDR contents and clauses:
- Contracts of employment – this should incorporate the relevant GDPR/Data protection related clauses.
- Privacy notices – this would be for your recruitment and hiring processes, your website and online media too!
- GDPR compliant template letters – this could range from data protection procedure, data portability procedure, data deletion request form, subject access request form, data rectification form, data restriction form, data processing objection forms…to name a few!
- Data protection policies – this should be found in your Employee Handbook with additional information to cover data protection, communications, monitoring, data retention etc. This should also include procedures if anything ever happens.
- New starter onboarding processes – this should contain a GDPR agreement which will outline their responsibilities and confirm how their data is held by you.
- Leaver exiting processes – this would involve a process for exiting compliantly and ensuring that the employee understands their responsibilities even when they’ve left the business. This will also confirm how their data is held by you.
- Employee and line management training – this should include what GDPR is and why they have a responsibility.
- Communication – Employee communication ought to include, new employee consent form, confidentiality agreement, employee responsibility agreement and employee privacy notices.
Your HR requirements for GDPR are related to how you deal with your employee data and how you inform them of their responsibilities whilst in your employment. We can review what you currently have in place and provide a plan to ensure you are GDPR compliant – just get in touch! Drop us an email at firstname.lastname@example.org