What GDPR means for HR and your business

At times it has seemed as though the hype will never end, but GDPR D-day is, at last, upon us.

This Friday, the General Data Protection Regulation will come into force, and while many organisations rush to ensure they’ve correctly interpreted and implemented the new requirements, others are welcoming it relaxed in the knowledge that they are officially ‘GPDR compliant’.

In our recent round of Q&As with HR leaders in Wales, we took the opportunity to ask our interviewees how they anticipate the GDPR affecting their roles. Their answers were reassuringly positive.  

Yvonne Murray, Head of HR at Cardiff International Airport said: “We practice really tight data protection practices in HR, so I welcome the GDPR and think it will enhance the laws we have in place. I think the biggest impact will be on marketing and recruitment.”

As recruiters, we’d agree. Successful recruitment depends on trust and integrity in the same way successful employee relations does. We believe the GDPR offers a great opportunity for those in hiring positions to be more transparent, demonstrate their organisational values and improve their recruitment practices. Ultimately, it encourages businesses to do the right thing with data.

Jon Bridge, Director of People and Culture at S.A. Brain and Company Ltd., shares this view. He doesn’t believe GDPR will have a huge impact on his role and says: “As long as you’ve got your systems and processes set up and you’ve got a legal basis for why you’re holding info and what you’re going to use it for, there isn’t a huge amount of difference from the data regulations in place anyway.”

David Teague of the ICO summed it up nicely during a panel discussion at Cardiff’s Digital Festival 2018 earlier this week when he said: “it’s an evolution not a revolution.” But for those organisations whose data protection processes haven’t been as strong as they could have been, it has no doubt felt more like a revolution.

Gareth Way, Chief HR Officer at Creditsafe, explains: “If the advent of GDPR is the first time that a department has really considered how it maintains and manages that people data, they’re going to have a lot of work to do!” He adds: “As long as HR departments have good people, data management practices and policies, and follow legislation, GDPR should have very little impact on their roles.”

The devil, for many organisations, has been in the detail. Rob Baker, Director of HR, University of South Wales, says GDPR is a case of ‘a massive sledgehammer to crack a nut…but it has reenergised the efforts to safeguard people’s data, which is a good thing.” From a recruitment perspective, we’d certainly agree that better data protection is good news for both candidates and clients.

Regardless of whether it’s required a small change or an arduous, long-winded overhaul for your organisation, the investment in ensuring GDPR compliance will certainly have been worth it from a reputational and financial point of view. The fallout of a data breach won’t just put clients or new investors off but send current and prospective employees running too.

Of course, you might be concerned of the impact being GDPR compliant has had on your database size, but as is often the case, quality is much better than quantity. The GDPR has given many organisations the opportunity to focus their limited resources on their most engaged clients.

Whatever your experience of it, the integrity, rigour and transparency that the GDPR requires, will undoubtedly help you to build a working culture that both your existing and future talent want to be a part of – and that’s what good data protection is really all about: people.   

To find out how we can work with you, please drop us a line