DP and HR – Getting data protection right for employees (guest blog, Protecture)
“Staff are our greatest asset”
“We couldn’t do it without our volunteers”
One way of demonstrating the value that you place on your workforce – volunteers as well as staff – is by keeping the personal information that they share with you safe, secure and confidential.
If you’re not fully convinced by that argument, this is a friendly reminder that the obligations and rights set out in the GDPR and the DPA 2018 apply to staff personal data as much as to your customers, supporters and other stakeholders. The risks of getting it wrong can be costly.
Regardless of whether you have a workforce of 5 or 5,000, we suggest you can keep on the right side of the law, respect the data privacy of your biggest asset whilst still delivering the HR functions that are critical to your organisation.
Our webinar covers the top 5 questions that we get asked about data protection and HR. The main concerns are around recruitment, staff access to their personal data, and how long to keep things for.
These are the top 5 questions – and our very headline answers. You can hear the more detailed responses by listening to the webinar via the link below.
1. What should we do with CVs, interview notes and other stuff gathered during recruitment?
Use the successful applicant’s information to start their personnel file, and delete the other applicant data after 6/12 months.
2. Do we need to get consent from staff to keep their personal data?
For most uses of personal data, you won’t need to get consent from staff or volunteers.
3. Can staff really ask to see what’s in their personnel file?
Yes! And you should work on the basis that they may be able to see all of their personal data – though you may be able to withhold some data by exception.
4. Can we monitor staff emails?
Yes.…. but monitoring has to be proportionate and transparent.
5. How long do we need to keep personnel records for once someone has left the organisation?
There are minimum periods for some types of information, and organisations also need to make decisions based on business need.
Here is the link to the free webinar we ran on the topic: https://vimeo.com/339389981
- BFI are delighted to have Rowenna Fielding, Protecture's Senior Data Protection Lead, covering two essential topics on GDPR as they relate to the HR function.
She will be covering 'Data collection and interpretation to promote workplace inclusion: What HR needs to think about now' at our '3rd Annual Supporting LGBTI+ in the Workplace Summit' in London on 9th October.
Rowenna is also chairing our 'GDPR Employee Data Conference for Employers: An Essential Update' in London on 16th October where she will also be covering 'Crucial policy changes and updates: a checklist'