GDPR: an opportunity to improve HR processes
On the 25th of May 2018, the General Data Protection Regulation will come into effect in all EU member States. To escort the boom of digital possibilities, this regulation strengthens the legal framework surrounding the use of personal data.
Existing rules concerning data protection have been deepened (right of erasure, right of data portability, etc.) and new measures are to be introduced by companies (such as: appointing a Data Protection Officer, requiring the explicit and informed consent of individuals, collecting strictly necessary data, notifying data breach to the competent authority and concerned individuals, etc.).
Companies are strongly encouraged to ensure compliance by May 2018, as a lack of compliance can lead to fines of up 4% of their global annual turnover.
Therefore, in order to meet the new standards, the Human Resources Departments have initiated projects that are as important as diverse: mapping of HR data, auditing contracts with HR providers, strengthening rules (for transfer, storage, archiving, IT, etc.), organizing campaigns on retention period, obtaining employees and applicants’ consent regarding their data treatment, etc.
At first sight, such compliance projects might appear time-consuming and tedious. However, if well managed, they can bring numerous opportunities to HR departments. This article presents an overview of those.
Enhance HR digitalization
Some HR processes – such as personnel administration – postpone their digitalization.
The regulation requires a strict compliance with personal data retention periods and thus data deletion once this period exceeded.
By being digitalized on internal servers or storage tools, the applicant and employee folders are more secured and the overtaking of the legal retention period is easier to spot.
Therefore, the more personal data is digitalized, the more the compliance with the GDPR and its sustainability is guaranteed. Furthermore, the time dedicated to comply is minimized and optimized.
As a consequence, the GDPR represents a good motivation (as well as many others!) to reinforce the digitalization of HR processes.
Unify the HR community
To ensure the GDPR compliance of all the HR processes, Sia Partners encourages HR services to better communicate among each other: what are the personal data flows? What providers does each HR service work with? Where are applicant resumes stored, in addition to recruitment platforms? Is there a specific HR service in charge of asking the employees’ agreement for data collection, storage and use? Does this service keep a proof of their explicit consent? Is every service able to provide to an employee or applicant his data in case he asks for it?
The GDPR encourages an HR Department to take a step back, look at the overall picture of its organization and break down the silos of each service, in order to get an in extenso and process-oriented outlook.
This approach also represents an opportunity to rationalize and optimize processes.
For instance, HR managers can realize that an operation is proceeded several times by several services or input in several information systems. For instance, working contracts and administrative data could be asked to employees, controlled and stored by several departments (HR Business Partner Department, Payroll and administration department, Training department, etc.) or even input in several information systems (the career management system, the payroll system, the time management system, etc.). Such finding enables to rationalize processes by designing a single key responsible and limit multiple data entries thanks to improved system interfaces. As a result, HR stakeholders are able to free up time for higher added value missions.
More broadly, this approach represents an occasion to gather and strengthen the HR community: HRs can share good practices and feedbacks altogether.
As a conclusion, the GDPR compliance projects can be transformed in a highlight for the HR community, leading to cost and performance optimization.
Foster discussions with managers and enhancing the corporate culture
HR personal data management scope goes beyond HR Departments themselves. Throughout appraisal campaigns, salary increases and recruitment missions, managers deal with plenty of personal data. Thus, the HR Business Partner has to raise managers’ awareness on personal data protection and GDPR rules.
This topic can be a starting point of other ones and the occasion to discussion on the collaboration between a manager and his HR Business Partner: does the manager expect more HR support? What does he think about the existing HR campaigns? Could the manager play a more active managerial role within his teams?
In addition, plenary meetings could be organized to introduce to employees the rules and good practices regarding the personal data protection, as a new component of the corporate culture. To hit two targets with one bullet, such meetings represent a good opportunity to remind the corporate values and objectives.
By considering the opportunities that can be offered by GDPR compliance projects, HR departments can transform the GDPR into a drive of improvements. Acceleration of HR processes digitalization and securement, optimization of the costs and HR performance, enhancement of the HR community and corporate culture: the GDPR opportunities are many and varied… provided that companies start their projects now and do not wait until the 24th of May 2018!
Since 2015, the GDPR experts of Sia Partners support companies in their compliance projects.
Please visit our website to test your GDPR knowledge and consult our offer.