A hiring manager’s checklist on the GDPR

It seems that it is not just social media accounts and phones that erode our privacy: talent management systems and everyday work practices also make us a little less private.

The new GDPR (General Data Protection Regulation) legislation is here to protect people's privacy. And why not? With clear evidence from Cambridge Analytica and the dubious case of Facebook allegedly overhearing our phone conversations, such regulation has been necessary for a long time. Now it has finally arrived.

This new rule is not limited to European companies that hold the data of European Union (EU) citizens; it also covers companies that work with European companies. In that sense, it amounts to a global data protection law, and HR managers around the world have had to come to terms with it.

They are concerned about how to bring their data needs into line with the new GDPR requirements, given that every kind of data that can identify an individual, including genetic, psychological, socio-economic, religious and cultural data, falls within the scope of the GDPR. Here is a checklist that a hiring manager must adhere to:

Data Protection Impact Assessment (DPIA): Every time a new project is planned that involves storing personal data in permanent systems, a DPIA must be carried out.

Raising your voice on a data breach: If a data breach occurs despite all precautions, the local data protection authority must be notified within 72 hours of the organization becoming aware of it. What does that mean for organizations? It means they are expected to have the processes and technologies in place to detect and report a breach within that period. To achieve substantial employee training and robust Internet data security policies, the hiring manager has to plan, execute and implement many changes.

Right to be forgotten: The GDPR embraces the principle of data minimization, which requires organizations to use only the data they actually need. Data that is no longer necessary for the original purpose should be deleted. In addition, customers have the full right to refuse to let organizations use their data, and when they do, all of that data, no matter how far downstream in the process it has been stored, must be deleted.

It is the responsibility of the head of human resources to adhere to these new regulations or face the music. And the cost of the music is no small thing (pun intended): failure to comply with the new regulations can result in a fine of 20 million euros or 4% of the company's global income.

When even large companies like Facebook can fail to protect data, attention has shifted to the importance of that data and the egregious harm a breach can cause. That is why it is in the best interest of the heads of human resources at major companies to protect privacy.
