HR Professionals: Why worry about Data Protection right now?
Here at Databasix HQ, which we think now stands for ‘Home Quarters’, we’re hearing from a lot of our HR contacts that they’re super busy right now – whether they’re working within one organisation’s HR department or providing support to various organisations through a consultancy. The shift to home-working, remote-induction of new staff, existing staff on furlough and now, as redundancy programmes are beginning to gather momentum through the autumn, it seems as if the last thing that HR professionals need is another thing to worry about. If you add GDPR and data protection into the mix, is it the straw that breaks the camel’s back or can you feel confident in the processes you have in place to support you, just in case you need them?
Time is precious right now, and if you’re reading this over a quick cuppa, here’s 4 top tips for our friends in HR right now:
1. Don’t be surprised if you get one or more data subject access requests (DSARs)
If you’re going through a redundancy process, or dealing with grievances, the likelihood is that you’ll receive at least one data subject access request over the next few months. People may be unhappy about the decision that’s been made, and want to understand the justification behind it. Their first step is usually to ask for the personal data you hold on them – which may be specific to the process or it may be everything.
The key is to act quickly, work with IT to start identifying the relevant information. Don’t forget it may include text messages (including WhatsApp) and other communications messages, such as Teams or Slack, where the person has been the subject of the discussion.
Other people’s privacy must be protected – so comparative scores or information about performance of other individuals shouldn’t be revealed.
2. Remind staff regularly about data protection responsibilities
COVID-19 has forced organisations into a more flexible, remote-working approach which is likely to be in place for some time – if not forever. But the need to ensure that staff are continuing to comply with company policies hasn’t disappeared and data protection is an area where people can become complacent. A quick download of a different software tool, saving something locally because the VPN is slow, setting up a quick WhatsApp group ‘because it’s easier’ all increases risk to the organisation and are probably outside of agreed policies. Additionally, staff may be less likely to report their own mistakes as no-one has witnessed their ‘oh no!’ moment, again increasing the risk of a data breach.
Reminding staff through regular communications about good data protection practice can help reduce the risk. Consider asking managers to include data protection in their regular team meeting discussions. Sending helpful hints about securing data at home, use of personal equipment, making sure confidential calls remain confidential from other members of the household and secure data disposal can be done in bitesize chunks. This approach can support the more official reminders of relevant policies which come from your HR teams.
3. Transparency builds trust
With the pace of change in recent months, it can be easy to press ahead with new initiatives involving staff personal data without being fully clear about why that data needs to be collected to your employees. Take the time to put together the rationale for new data collection, why you’re collecting it and how long you’ll store it for and write a short privacy notice to explain these points to your staff. If there’s any impact on them that they need to be aware of (for example, a temperature check that means they get sent home or need to request a test before returning to work), include these details in the notice. Transparency builds trust. Being transparent about the what and the why means your people will trust the reasons behind the data collection. In turn, this prevents a lot of follow-up queries, annoyance and objections from your teams and makes the overall process smoother.
4. Risk-assess new HR software from a privacy perspective
As with all areas of the business, HR teams have found that there are new, exciting software solutions being presented that can help to overcome some of the challenges that remote working triggers. Software that sifts CVs for you, recruitment software that uses AI or facial recognition to assess ‘team fit’, productivity monitoring tools or even introduction of CCTV to monitor compliance with new COVID rules can seem like the answer to your prayers. But without proper consideration of the impact of this software on individuals, their rights and their freedoms, you risk putting your organisation in the firing line for biased or unfair decision-making; just think about the exam results scandal this summer due to ignoring the impact an algorithm could have on people’s lives! Take the time to do a Data Privacy Impact Assessment to fully understand those risks. And then, remember Tip 3 – Transparency builds Trust. If you implement new software, be transparent about why, and how it will impact your staff.
So, now you’ve sipped your coffee and are almost ready to head back to the real work of the day, just make a note of the key points that popped into your head when you read this article. Now is the time to focus on those key points and feel confident that you and your organisation are prepared when it comes to data protection. And if you need a little help to get there, we’re more than happy to listen to what’s worrying you and offer the right solutions to give you ease of mind.