It seems that it’s not just social media accounts and phones that deprive us of our privacy, talent management systems and employment practices are also involved in making us a slightly less private person.
The new GDPR (General Data Protection Regulation) legislation is here to protect people’s privacy. And why not? With clear evidence from Cambridge Analytica and the dubious case of Facebook listening in on our phone conversations, regulations were long overdue. But it did come, eventually.
This new rule is not limited to European companies that are in possession of the data of citizens of the European Union (EU), but also includes those companies that work with European companies. In a sense, it refers to a global law for data protection. Head of human resources around the world have accepted the dynamics of it.
They are concerned about how they are going to streamline the data needs for the new GDPR regulations when all types of data used for the identification of an individual, such as genetic, psychological, socioeconomic, religious, and cultural, fall under the purview of GDPR. Here is a checklist that a hiring manager should follow:
• Data Protection Impact Assessment (DPIA): Every time a new project is planned that involves the storage of personal data in permanent systems, the DPIA should be tested.
• Speak up about the data breachNote: If a data breach occurs despite all precautions, local data protection authorities must be notified within 72 hours of becoming aware of the data breach. What does that mean for organizations? This means that they are expected to have processes and technologies in place for data breach detection within the stipulated time frame. In order to have substantial employee training and foolproof Internet data security policies, the hiring manager must plan, execute, and implement many changes.
• right to be forgotten: GDPR is in accordance with the principle of data minimization. This principle requires that organizations use only as much data as is necessary. If the data is not required for the initial purpose, it must be deleted. Additionally, customers have the full right to object to organizations using their data. All data, no matter how far down the process it was saved, should be deleted.
It is the responsibility of the head of human resources to adhere to these new regulations or face the music. And the cost of music is not less (pun intended). Failure to comply with the new regulations can lead to a fine of 20 million euros or 4% of the company’s global income.
When the largest of companies like Facebook can fail to protect data, the focus has shifted to the importance of data and the egregious use to which its breach can lead. The reason, head of human resources of the main companies, is the best protection of your privacy.