GDPR: How to do a data audit and avoid a massive fine

Peninsula Group, HR and Health & Safety Experts


If you’ve been putting off getting ready for the General Data Protection Regulation (GDPR), you won’t be able to for much longer. The EU’s new data protection laws come into force on 25th May 2018, and we can’t stress enough how important they are. You need to make sure you use and store data properly: not just your customers’ data, but also that of your employees and job candidates. If you don’t, you could face a fine of up to 4% of your annual turnover or €20 million (about £17 million), whichever is higher.

The easiest way to make sure the way you gather and use HR data is in line with GDPR is to do a data audit. This will help you understand what your current data procedures are, and whether you need to change them.

Start with a plan

Before you begin, decide who’ll do the HR audit and how. The best people would be your HR, IT and legal staff. If you don’t employ anyone in these roles, you may need to do it yourself. You could also appoint a Data Protection Officer, or get an external company to do it. The latter might be the better option, since they may have more specialised expertise.

Make a list of the departments you need to speak to as part of the audit. These include payroll, recruitment and IT (once again, assuming they exist).

What you need to gather

The HR audit will determine what type of data you collect on your employees and how you use it. Remember that GDPR applies not only to the data you have on your current employees, but also to any information you gathered about unsuccessful job applicants and ex-employees. If your data came from other organisations, such as references from previous employers, you need to include this in your audit as well.

How to gather data on your data

Come up with a questionnaire or form that asks each department:

  • What kind of data do they collect?
  • Where do they hold the data?
  • How do they use it?
  • How long do they keep it for?
  • Who has access to the data? Can any external organisations access it?
  • What procedures, systems and controls are in place to secure the data?

You also need to work out why you’re gathering each type of data. For employee data, this is likely to be because you need it to honour their contract. For example, you need their bank details to pay them.

What happens next?

After you’ve finished your audit, you should create a report that shows all the HR data you hold. It’ll help you see what happens to HR data after you’ve collected it, and show where you need to do better. If the audit shows that there are areas where you’re lacking, you need to outline what action you’ll take to come into line with GDPR. And if the Information Commissioner’s Office (ICO) ever pays you a visit, you’ll be able to show them that you’ve taken steps to obey the law.

The deadline to comply is a few weeks away, so if you haven’t already, you need to act now.

Alastair Brown is Chief Technological Officer at BrightHR, a trailblazing people management software company. Alastair is responsible for driving forward BrightHR’s expansion plans and the management of the business’s technological needs. He also speaks regularly to the media on the latest tech and data developments, with his commentary profiled in many national and trade publications.

