One-month countdown to GDPR: a unique perspective

At The Ink Group, our day-to-day activities involve handling large amounts of personal data. As you can imagine, we have been working hard to prepare for GDPR.

We see GDPR through a number of different lenses:

So, we thought we’d share with you our current thinking in each of these areas:

Ink as an employer:

We have re-contracted with our employees. They have been issued with Privacy Notices which explain to them how we safeguard their personal information in the employment relationship. This includes knowing:

  • Where their data is stored.
  • How they can access it (instantly, as it happens, as they have online files, and we have no secrets!).
  • In what circumstances they can amend it.
  • How long they can expect us to keep it.

We have also given our team training on GDPR and issued everyone with a Data Protection Policy which clearly describes their responsibilities in safeguarding the personal information entrusted to us by candidates, colleagues, clients and, of course, our clients’ employees.

Ink as an HR adviser:

As part of our service to retained clients we have updated their HR documentation (contracts, Handbook, relevant policies). We’ve issued fresh documents that reflect GDPR in the employment relationship. We have also delivered training for management. This has a particular focus on the measures that need to be in place in the pre-employment recruitment phase.

Our observation is that it’s easy to panic about GDPR – and it’s also easy to underestimate its significance. We think that a measured approach is the best place to start. Register with the ICO. Trust the ICO. Know your operating environment. Train your people. Get better at deleting (!). Understand the difference between the personal information that is necessary and that which is not. Invoke your IT policies. Review your physical and cyber security. Finally, keep a watching brief. We believe that the theory of the GDPR is one thing … but none of us yet knows what the practice will be like. We expect to see some good ideas being shared over the coming months. Naturally we’ll share these with you so that we can all make this legislation a benefit and not a burden to our businesses.

Ink as a Payroll Bureau:

For some time now we have been working with state-of-the-art software. This enables safe and secure data/file transfer between us, our clients, and our clients’ employees. We don’t believe in paper payslips and we don’t believe in email attachments. The security of our payroll bureau is of paramount importance to us – we have invested time understanding (and therefore being able to vouch for) the GDPR compliance of our software providers. We are issuing new Terms of Business to our clients and we must necessarily be quite dogmatic about how we work together. If clients fail to follow GDPR best practice (for example, by sending us unsecure data files) we cannot accept them.

Ink as an Employee Benefits Consultancy:

The only personal data we handle in respect of our Employee Benefits work is that which is required by the benefit provider for the management of the benefit plan. This could be a workplace pension scheme, where we’ll need employee data around earnings and pension contributions. It could be group insurances where we’ll potentially need a wider range of data including occupation and location. Or it could be private medical insurance where information could even become sensitive (such as personal medical information).

Our focus is therefore on what data we ask for (the “lawful basis for processing personal data”), where and how long we store the data (“information we hold”), and finally how we send the data on to other parties.

Our commitment to our clients in this area is as follows:

  • We will only ask for personal data required by employee benefit providers to effect and / or maintain the benefit in place.
  • We will only store the data for as long as is required to effect the benefit, unless the law requires us to hold it for longer.
  • We will only send on data that is relevant to the employee benefit in question, and when we do send the data we will ensure that data security is top of our list of priorities.

If your business is not yet GDPR compliant and you would like to discuss how we can help you, contact us on:

Tel: 01858 810200
