HR:4UK’s GDPR Compliance Statement
The new EU General Data Protection Regulation (GDPR) comes into force on 25th May 2018 (including in the UK, regardless of its decision to leave the EU). GDPR will impact every organisation which holds or processes personal data. The regulations introduce more stringent enforcement with substantially increased penalties as well as new responsibilities, including the requirement to demonstrate compliance.
HR:4UK holds itself to the highest legal and ethical standards for compliance and we place a high priority on protecting and managing data in accordance with acceptable standards and working closely with our clients and business partners to meet contractual obligations. It is important to recognise that compliance is a shared responsibility and all organisations need to adapt their business processes and data management practices.
HR:4UK are well aware of our role in providing the right tools and processes to support our clients in meeting their GDPR mandates and have been evaluating the new requirements and restrictions imposed by the GDPR. HR:4UK are taking the appropriate action to ensure that we handle client data in compliance with the regulations by the 25th May 2018 deadline.
How is HR:4UK preparing for GDPR?
HR:4UK will be complying with the GDPR as a processor and controller of data. We have been planning, developing and implementing a programme of works which will deliver what is required by legislation. As we work towards compliance in the lead-up to 25th May 2018, we have put in place a dedicated internal team to meet our GDPR obligations. Some of our ongoing initiatives are:
Identifying personal data
The most important aspect of GDPR is how the collected data is used. Each of our different operating systems undertakes a different level of personal data collection, usage, storage and disposal. We are already undertaking a systematic review of the data we store, manage, maintain, collect, process and control (including offline storage and paper records). We are further undertaking risk assessments to include more detailed consideration of the data types we hold and a data impact analysis of personal information stored and processed.
Enhancing data integrity and security
HR:4UK uses a range of software applications to provide efficient and high-quality services. We are building on existing security and business continuity by tightening our security processes and implementing additional IT policies and procedures to provide end-to-end privacy and security.
Whilst HR:4UK already has a complaints handling procedure, we are working on further enhancing our procedure to provide a much improved process and procedure which complies with the new GDPR reporting timeframes.
Website data collection and consent
Continuous employee awareness is vital to ensure continual compliance with the GDPR and HR:4UK are committed to ensuring that we comply with this ongoing obligation to train our staff. HR:4UK have already commenced training and awareness across the organisation to ensure that all staff and stakeholders understand the impact of our new policies, procedures and our responsibilities in relation to personal data.
HR:4UK are already undertaking a robust review of all our policies and procedures. HR:4UK take these matters seriously and have an appointed Data Protection Officer, Compliance Officer and Complaints Officer. We are developing and implementing robust Compliance Monitoring and Internal Audit Policy and Procedures. Our dedicated team will inform, advise and monitor compliance.
The volume of data handled by organisations is growing and is collected, processed and stored on an increasing number of devices and networks. HR:4UK are committed to providing technology solutions to support our GDPR obligations. We are undertaking a full review and assessment of all our operating systems, platforms and devices to identify any gaps and risks and to ensure that a more disciplined approach is adopted when processing data.
Our client contracts will be reviewed with privacy statements implemented.
Supplier and partner relationships
Where relevant and related, we will be using all reasonable endeavours to ensure that our third party providers and suppliers are complying with GDPR.