GDPR and Human Resources

With GDPR moving into enforcement this month, many businesses in the United States are scrambling to perform damage control.

Human Resources has unique concerns about GDPR

– Do I need consent to collect personal information about our employees?

– Are there extra steps required before providing employee information to outside benefits companies?

– Are things like external contact lists even allowed anymore?

– What are HR’s responsibilities for protecting personal information?

– What do I do if an employee wants me to “delete their data”?

– What is an appropriate GDPR training program for our employees?

If your business sells product in the European Union, has employees in the European Union, or collects data from European Union citizens, you may be at risk of huge fines from non-compliance.

If you are concerned about GDPR compliance, I recommend the next steps:

  1. Check with C-level management to determine whether anyone (normally the IT department) is already taking the lead. If they are, make sure to provide information about HR’s use of personal data, especially any transfers outside the company.
  2. Start a gap analysis. This involves two experts: a systems architect to map out your information systems and data flows; and a GDPR-specialized lawyer to determine whether your processes are allowable, and whether your legal contracts with vendors are solid. The gap analysis will give you a list of prioritized actions necessary to comply with GDPR.
  3. Begin compliance projects.
  4. Request a demo of this course:  GDPR for United States Employees by Native Intelligence, Inc.  I worked with Native Intelligence to create this fun and informative course.  It teaches specific skills and procedures to your front-line employees for compliance with GDPR.  And it is a good overview if you want to learn about the topic yourself.
Rights of the Data Subject: GDPR for United States Employees training course by Native Intelligence, Inc.

The European Union will be looking to make examples of some companies over the next year.  If you can show that your company is actively trying to comply with the law, you will be on much better footing than other potential targets.

Regarding hiring Kieri Solutions, GDPR consultant near Frederick MD, for help

There is a huge amount of demand by companies right now for GDPR assistance.  I am happy to speak with you about whether GDPR applies to your company, and to what extent.   A very brief gap analysis takes about two weeks.  A more in-depth gap analysis can take six weeks or longer (if your business is complex).  If you want to go forward with a gap analysis, I will need to schedule it out so that our lawyer and systems architect are available.   I can be reached at the contact info below.   Thank you,

V. Amira Armond

“Resilient IT”

kieri solutions IT consultant service provider cybersecurity logo

A Woman-Owned Small Business serving Frederick MD, Baltimore MD, and nearby cities.