When you apply for or get a new job, your potential employer needs data on you to manage your job application and the employee relationship, such as your CV, your bank account details (so you can get paid!), and other types of data.
At this point, personal information and corporate data begin to blur, and you’ll want your data to be used in the right way. For companies, this means it’s critical to not only stay compliant, but to ensure your employees’ feel confident in how you manage their data.
By now you’re probably aware that the General Data Protection Regulation – or GDPR – will apply in the UK from 25 May 2018, and that businesses need to prepare for its introduction now.
>See also: GDPR: What do you need to know?
Even with Brexit, the UK will most probably inherit the GDPR and make it into national Law. The GDPR is designed to bring harmony to data privacy laws across Europe, improve the privacy of citizens, and reform the way businesses approach data privacy, by consolidating more than 30-years of privacy laws and privacy experience in Europe.
As such, the new legislation strikes a better balance between businesses and individuals. There’ll be bigger fines for those who aren’t compliant or breach the laws, and individuals will have more power on how companies can use their personal data.
Companies – or for the sake of the legislation ‘controllers’ – are responsible for ensuring data is processed legally, transparently and with purpose, and deleted as soon as it’s not needed. So, for instance, a company could take your personal details when they hire you, but only the details required for the hiring process and employee management, and then they will need to delete them once you leave the company.
For many businesses, this may mean a lot of changes and reviews to ensure they are compliant, and while it may look daunting, it certainly isn’t a bad thing.
Power to the people
Companies will only be able to collect and process reasonable required data, otherwise consent will be required. Consent is a big factor in this legislation, and will empower your workforce to limit how you manage their data.
If processing data based on consent, Companies will need to keep records of how and when consent was gained, and the employee could withdraw their consent at any time as well as request access to information on how it’s being used.
>See also: What are US companies’ view on GDPR?
Bringing this kind of transparency into companies and granting individuals this power isn’t a bad thing, because it will ultimately build trust among the workforce. The Great Place to Work 2015 UK Population Survey found employees trust their managers more (55%) than their senior leaders (40%).
While the statistic alone is surprising, the overall trust in superiors – whether it’s their managers or senior leadership – is poor regardless. Even at director or senior management level, more than a quarter (28%) felt they couldn’t trust senior leaders or line managers at their organisation – and that’s not good for any relationship.
When people are in reciprocal, trusting relationships they are happier, and we also know from our own research with IDC in 2016 that happiness and workforce engagement are directly linked in the 16 European countries surveyed.
Most European companies already store personal data safely, but if this legislation means your staff know they can trust you to manage their information correctly and have a clear understanding of who can see what, then that can only be a good thing.
How important this is to each employee varies on a cultural and psychological level, but more information is generally better.
Consider what’s important
The other important thing to think about is the fact that the data that’s most precious to companies isn’t necessarily the data most valuable to an employee. Take salary data for instance – for companies, this is administrative data rather than strategic, but for an employee it’s usually data they would like to keep confidential.
>See also: Benchmarking global readiness for the GDPR
Predictive analytics on each staff member’s succession planning have a greater impact on companies, and it’s this data that business leaders want to keep confidential for strategic purposes.
One way to look at this is to ask: “apart from the legal necessities, what HR-related data do we need to have access to?”. Note that there is a consequence here. For instance, if succession data is needed, you must ensure that you have the tools to keep the information up to date.
In this case, it often comes from performance reviews. Is a yearly review enough to ensure you have the best information on your talents’ skills? How about ongoing feedback instead? And how do you organise this so you can collect the data, as often as you need it?
Likewise, forcing companies to be more compliant and transparent on their data storage will require much of the IT team’s expertise. In a time where data breaches and cyber-attacks are increasingly common, bringing departments closer together like this and having high input from IT will boost security for the business too.
So, while change can be an intimidating task – particularly for large companies in this case, the overall benefit of improving processes outweighs possible negatives. Becoming compliant and transparent will ultimately improve trust and security for employee and business alike, creating better relationships all around.
Sourced by José Rodriguez, global data protection officer, Cornerstone OnDemand
Nominations are now open for the Tech Leaders Awards 2017, the UK’s flagship celebration of the business, IT and digital leaders driving disruptive innovation and demonstrating value from the application of technology in businesses and organisations. Nominating is free and simply: just click here to enter. Good luck!