HR Manager GDPR Checklist

It seems it is not just social media accounts and phones that rob us of our privacy; talent management systems and employment practices also make us a little less private.

The new GDPR (General Data Protection Regulation) legislation is here to protect people's privacy. And why not? After the clear evidence of the Cambridge Analytica affair and the iffy, never-proven story of Facebook listening in on our phone conversations, regulation was long overdue. It came, eventually.

The regulation is not limited to companies established in the EU that hold the data of people in the European Union (EU); it also covers companies outside the EU that offer goods or services to people in the EU or monitor their behaviour, including non-EU firms that process data on behalf of European companies. In effect, it is a global law for data protection. Heads of human resources around the world have had to come to terms with it.

They are concerned about how they will meet the data-handling obligations of GDPR when every kind of data that can identify an individual, including genetic, mental, economic, cultural, social and religious information, falls under its purview. Here is a checklist for a hiring manager to follow:

Data Protection Impact Assessment (DPIA): Whenever a new project is planned that involves storing or processing personal data in a way likely to present a high risk to the people concerned (for example, large-scale processing of sensitive employee data or systematic monitoring), a DPIA must be carried out before the processing starts, and its findings acted on.

Raise your voice about a data breach: If a breach occurs despite all precautions, the relevant data protection authority must be notified within 72 hours of the organization becoming aware of it, and the affected people must be informed without undue delay where the breach puts them at high risk. What does that mean for organizations? They are expected to have processes and technology in place to detect, assess and report a breach within that window. To get there, the hiring manager must plan and implement substantial employee training, clear incident-reporting procedures and enforceable data security policies.

Right to be forgotten: GDPR is built on the principle of data minimization, which requires organizations to collect and keep only the data that is necessary for a stated purpose. Once the data is no longer needed for that purpose, it must be deleted. In addition, candidates and employees can withdraw consent, object to processing and ask for their data to be erased; unless the organization has another lawful basis for keeping it (for example, a statutory retention obligation), it must comply. All copies of the data, no matter how far down the process they were saved, including backups and copies held by recruitment agencies or other processors, must be deleted.

It is the responsibility of the head of human resources to adhere to these new regulations or face the music. And the price of the music is not low (pun intended). Failure to comply can lead to a fine of up to 20 million euros or 4% of the company's global annual turnover, whichever is higher.

When even the largest companies, such as Facebook, can fail to protect data, attention has shifted to how valuable personal data is and how much damage a breach can do. That is why the heads of human resources at major companies are now among the most important guardians of your privacy.
