Employee rights are changing
The European Union's General Data Protection Regulation (GDPR) comes into effect on 25th May 2018. This new regulation will alter some of the standards expected of any organization that holds information on ‘data subjects’ (such as employees) residing in Europe.
Even if your organization is US-based or outside of Europe, this new privacy model will still apply if your organization targets the European market in offering goods or services, or stores data on citizens (including employees or customers).
GDPR replaces the European Union’s existing data protection guidelines, with the intention of strengthening and unifying data protection for all individuals in the EU. In other words, its aim is to avoid malicious and unwanted use of sensitive, personal data.
It’s come about as technology – and the immense data it derives – has become increasingly embedded into everyday life.
Employees will have new rights regarding the use of their personal data by employers.
- The right to information: employers will need to provide staff with information as to how and why HR-related personal data is stored and processed. They must show what personal data is collected and how they intend to use it. Furthermore, organisations are obliged to limit the extent of employee data processed to only what is required to fulfil business operations.
- The right to access and rectify: employees have the right to access their data, and rectify incorrect data. It must be easy for the employee to opt out of communications, as well as opt in. They have the right to change their mind.
- The right to be forgotten: employees are entitled to have personal data recorded about them erased, in certain circumstances.
It is likely that employers will use ‘legitimate interest’ as a legal basis under the new regime to process employee data. But there are limits – and this is when ‘explicit consent from employees’ comes into play. In this scenario, employees can choose to opt in or out of certain comms. For further clarification on this, see Article 29 Working Party’s recent Opinion 2/2017 for helpful examples.
SnapComms – On the front foot for GDPR
SnapComms' internal communication software solution already offers a range of privacy control settings to minimize data collection and help facilitate GDPR compliance. These range from anonymizing individual employee information in reporting, to configuring the SnapComms App so that stats such as message readership are not collected. It also offers a suite of tools – such as an opt-in/out registration alert, employee quiz and survey tools.
We are fully compliant with all current European and UK data protection regulations, and expect to be fully GDPR-compliant in terms of data location and transfer outside the EU by May 2018.
For more information about our privacy control settings please email email@example.com with ‘Privacy Control Settings’ in the subject line.