Regulations and manuals don’t protect personal data if they are not used!
Most organizations are already reviewing their operations in light of the General Data Protection Regulation (GDPR), which will enter into force on 25 May 2018. Organizations have probably mapped out the current situation, carried out audits, written up manuals and stored them in folders. Perhaps the extent to which the regulation applies to the organization has also been made clear. It must be stressed that this process is not merely a formality. Protecting personal data has to be a constant part of the organization’s everyday operations.
<strong>Manuals are pointless if nobody knows how to use them!</strong>
Personal data protection processes and manuals are useless if they are not put to use. This means introducing them to the employees who come into contact with personal data daily. By “introducing”, we do not mean just getting the employees to sign the manual, but actually training them. The outcome of the training should be that the employees know how to use the manuals to protect personal data in their everyday work. They should also know how to recognize situations in which personal data might leak and what to do if this happens. You should inform your employees about how the organization protects its employees’ data. This may include information about the employer’s access to employees’ computers or files, etc. The management can carry out the training themselves or ask a specialist for help.
<strong>Attention, HR managers!</strong>
GDPR also applies to the personal data of employees. This means that an HR manager is the person who must be especially prepared to answer questions regarding GDPR and personal data protection. Employees should always be able to turn to their HR manager and ask what personal data the employer gathers about them and why. For example, if an employee doesn’t like their picture on the company’s website, they can ask to have it removed. The same goes for notes about being on maternity leave. The employee can reference the GDPR when making those requests. According to the regulation, the HR manager must always be prepared to give employees information regarding the topic. It’s also important to know whether information can be given out to employees, which information, and in what way, to make sure it stays secure.
In conclusion, since the mere existence of regulations and manuals does not ensure the protection of personal data, and there is no limit to the ways data can leak, they must be made known to employees in a clear and understandable way.
Be sure to contact us if you have any additional questions.