There’s a lot being said about GDPR at the moment so we thought we’d uncomplicate matters and keep it simple with the what, when and why of GDPR from an HR perspective.
What is GDPR?
GDPR stands for General Data Protection Regulations. It’s a piece of EU legislation that harmonises a raft of data protection laws across Europe.
The regulations apply to any company processing the personal data of European citizens, even if that firm is outside the EU. Whether you’re handling this information in relation to offering goods, services or for the purposes of monitoring people’s behaviour, these regulations apply to you.
Why is the Law Changing?
In recent years, there has been a massive shift in technology and a huge increase in the volumes of data being processed. This has impacted how we gather, store and manage data. And it has also led to rising concern amongst EU citizens with regard to how their data is handled and the level of control they have over it.
The existing legislation was published over 20 years ago so it was high time for an update.
When do You Need to Meet Your Obligations?
You need to ensure you’re compliant by 25th May 2018 and on an ongoing basis thereafter. If you’re found to be in breach, you can be fined up to €20m or 4% of annual turnover, whichever is larger.
What Does GDPR Mean for HR Data?
Employers have been required to provide staff and job applicants with a privacy notice that sets out certain information under the Data Protection Act. However, the GDPR means you will be required to provide additional information like how long you will store an individual’s data for and whether their data will be transferred to other countries.
You’ll also need to let employees know how to request a copy of their own data and how they can apply to have their personal data deleted or rectified. This means ensuring your data is labelled and stored to enable these activities to happen.
It’s important to be aware that employees can retract their consent for you to process their data at any time so you’ll need processes in place to help you swing quickly into action.
If your organisation is in the business of monitoring or processing sensitive data on a large scale, you will need to appoint a data officer. This role is in place to advise you on your obligations under the GDPR, monitor compliance and liaise with the data protection authorities.
What if I have a Data Breach?
Should you be unfortunate enough to suffer a data violation – be it through disclosure, loss or unlawful means, like a hacking incident – you must comply with the GDPR’s reporting requirements.
You will need to report specific information to the data protection authority within 72 hours. If there’s a major risk to the rights or freedoms of those employees whose data has been impacted, they will need to be notified.
All of which can cause a huge workload and significant embarrassment to your business.
What Steps Should You Take Next For GDPR?
On a positive note, the GDPR isn’t there to trick businesses into falling foul of the law. Its aim is to protect individuals’ personal data, a right that all of us are entitled to.
To protect your employees’ data, there are several stages you need to undertake:
- Audit – know what employee data you’ve got, where it is, who has access to it and what you do with it. This is a good opportunity to minimise the data you hold by questioning whether you really need it or not.
- Gap analysis – are there any holes in your data handling processes that mean you won’t be compliant with GDPR? Identifying whether it’s a necessity to retain and process each piece of data is key, as is taking action to correct any issues.
- Review privacy notices – this is one area where nearly all employers will need to make changes. Update your privacy notices to ensure they’re compliant whilst also being easy to understand.
- Do your legal homework – if you currently rely on existing consent to handle employee data you will need to get employees to sign a new, GDPR-compliant privacy statement to ensure you’re legal.
- Prepare your data breach response – you need to have a written policy and process so you can take immediate action should the worst happen. This could include training employees to be able to recognise a data breach and know how to take the appropriate next steps.
- Hire your data protection officer if required – be prepared to pay as these roles will be in demand.
The technicalities of the GDPR can feel dizzying, but by taking the steps outlined in this article you’ll have a much better handle on the personal data you manage. Not only will this help you take the actions required to keep employee data and the people it relates to safe from harm, but you’ll protect your business to boot.
For more information please contact us.
Successful businesses rely on getting their team to take the right actions at the right time in the right way. Ordering your people around won’t get you the results you’re looking for. But, according to nudge theory, subtly guide employees’ choices and you’ll find more people pull in the same direction.
We investigate what this fascinating theory entails, explore how it works and look at ways you can use it to align your employees more closely to your business.
The Nudge Theory
Nudge theory is the brainchild of Richard Thaler, an American economist who won the Nobel prize for his contribution to behavioural economic theory. Based on the premise that humans are irrational creatures, nudge theory is about tapping into emotional decision-making rather than appealing solely to logic.
The theory suggests that, by making subtle changes to how we communicate, it’s possible to encourage people to act in particular ways. Far more carrot than stick, the concept is about helping people to reach a particular decision, especially in situations where their own best interests are at heart.
What Does The Nudge Theory Look Like in Practice?
A good recent example is the 2012 change to pension legislation.
Before this date, employees had worryingly low rates of retirement savings. Although people knew they needed to save for old age, many were failing to do so, even though it was clearly to their advantage.
Based on the premise of nudge theory, the government introduced auto-enrolment pensions. Instead of workers needing to take action to opt in to a pension scheme, they are automatically added.
The nudge hypothesis suggested most wouldn’t bother to remove themselves from the scheme and the theory has been proved right. As the graph below shows, from 2012 onwards, there has been a significant boost in the numbers saving for retirement.
How Nudge Applies to People Management
What does this mean when it comes to successfully managing your people and delivering the organisation’s mission? From hiring and learning and development to helping people feel engaged with their work and achieving and sustaining wellness, nudge can be employed in many ways.
1. Keep It Simple
Nobody turns up to work wanting to do a bad job. But poor performance sometimes happens because there are blockers that make it too difficult for some people to do the right thing.
One of Thaler’s key tenets is to ‘make it easy’. This can be achieved by reviewing all the hurdles an employee has to leap to do what you want them to do. By finding simpler ways to deliver the same goal, you’re more likely to engage employees with the task and secure better results.
This could mean reviewing policies, paperwork, forms and processes, stripping out the unnecessary and monitoring whether you get a change in behaviour. Employees always late submitting their expenses, causing problems with cashflow? Assess whether you can make the process simpler to get better results.
2. Make Good Choices on Employees’ Behalf
Although pensions auto-enrolment has resulted in more people saving for retirement, many are still not saving enough.
Employers who want to help staff save sufficiently for their post-work lives can nudge them into making extra savings by asking them to commit to saving more in the future.
This approach has been trialled by some US companies who encourage workers to allocate a proportion of future salary increases to their pension.
Most people will commit to doing this because it’s a simple decision to make that won’t have an immediate impact on their income. It leverages the human inclination to agree more readily to losses that lie in the distant future.
And it works. Firms running this scheme found 80% of those enrolled were still in the programme after four years. Plus they had increased the portion of their salary being saved from 3.5% to 13.6%.
3. Emphasise the Negative
Staff training costs money and when people don’t turn up it’s like washing cash down the drain. Changing the way you communicate training can make a huge difference to the numbers who attend.
One company found that highlighting how non-attendance could mean missing out on potential promotions was much more successful than telling people that the training could help their future careers.
Why does this tactic work? Because humans are usually more motivated by the fear of losing out than they are by the prospect of gaining something.
There are lots of ways you can nudge your employees into taking the right course of action both for them and your business. Think carefully about how you ask your people to take action and remove any barriers that make tasks seem too difficult. You’ll be amazed how tiny changes can make a big difference.