The GDPR workshops and webinars that PointSolutions deliver provide insight into the current thinking within organisations as to the help they require, specifically relating to HR and employee data.

Some of the challenges and concerns highlighted at the sessions include:

Enterprise-wide overview – overview of your current state of data protection compliance.

Reduce the risk of fines – Reduce the risk of fines of 4% of annual worldwide turnover or €20 million.

Cut the cost of compliance – Cut the cost of compliance: reduce time spent and need to hire expensive consultants.

Evaluate Privacy Awareness – Evaluate privacy awareness & effectivity of current staff training.

Engage staff on process and policy – ensure all staff are up-to-date, informed and understand the processes.

Identify problems in record management – Understanding the current data-set and Identifying problems in record management, such as unencrypted sensitive data in unstructured files.

Extent of data cleansing required – minimise the amount of data held and ensuring out of date data is destroyed, meaning any requests can be dealt with efficiently.

Create a transparent, but secure environment – ensure employees have access to the information within their rights, within a secure framework.

How to create a maintainable data classification system – ensuring that information retention and disposition adheres to policy without reverting to inefficient manual processes.

Getting senior management buy-in – Agreeing the scope, budget and impact with senior management.

Off-site and mobile data management – How to monitor and audit mobile processes.

Policy development and change management – What policies to put in place and how to distribute, train and educate process change across the organisation.

 

The polls taken at the events provide a benchmark to the current status or organisational GDPR planning for employee data:

40% of attendees stated that they have not started the process to put a GDPR policy and governance strategy in place for their employees; 60% said it was in-progress.

57% said that they are currently unable to search across their data assets to identify potential risks.

86% stated they do not have systems in place to monitor data processes and provide an audit.

80% of attendees that use Office 365 were unaware of the security and compliance features available to them.

88% of organisations who attended have not appointed a DPO (Data Protection Officer), or do not intend to.

47% currently do not have data retention policies in place.

87% do not have a Data Breach or Subject Access Request logging system in place

These are very high percentages and the fact that the poll was taken from organisations attending GDPR events means that they are at least researching and are proactively planning. The assumption has to be that organisations who are not attending such events are either already well placed for GDPR or it is not on their radar. If you are in the latter category, there are many resources available to you.

PointSolutions next GDPR webinar is on the 13th of March at 1 pm register by clicking here

If you are utilising Office 365 then the following may be of value:

http://www.microsoftgdprdemos.com/en-us/databreach

https://servicetrust.microsoft.com/

Please Call (0114 321 6104) or email (info@pointsolutionsuk.com) – if you wish to discuss any aspect of planning for GDPR with respect to your HR processes and Employee data.

PointSolutions provide a suite of People HR Apps that have GDPR features to help you build a HR framework for compliance, including PeoplePoint 365 (HRMS), LearningPoint 365 (LMS) and; ApplicantPoint365 (ATS).

  1. GDPR Policy Tracking
    1. Policies and Procedures catalog
      1. To provide guidance on the type of policies that should be considered as part of an organisations GDPR policy
      2. Surface a list of policies that have been created and tagged as contributing the organisations GDPR policy
      3. List of staff who have not signed-up to policies tagged as contributing to the organisations GDPR Policy
  1. GDPR Training Tracking
    1. Learning / Training Management
    2. the ability to tag Training classified as relevant to employees in relation to an organisations GDPR Policy
    3. List of staff who have not undertaken mandatory training tagged as contributing to the organisations GDPR Policy
  1. GDPR Employee Data Management
    1. Sensitive Employee Data Field Classification – Ability to highlight sensitive data (via a GDPR icon)
  1. Advisory GDPR process guideline notepad
    1. Ability to surface GDPR guideline information (via a GDPR icon) as part of data recording forms – i.e. Appraisal, Disciplinary etc. information input – ‘please be aware information may be disclosed upon request’
  1. Employee GDPR User Interface
    1. Security Map- Ability for employees to view who can see their data and at what level
    2. Data Process Map- Ability for employees to view a high-level data flow (by process) so they can understand who ‘ touches’ their information and where it ultimately ends up
    3. Data Retention Policies- Ability to view data retention policies – by type of data/content
    4. Data Update Logs- Ability to view versions logs as to who updated their data and when
    5. Ability to log a Data Breach
    6. Ability to log a Subject Access Request
  1. Data Retention Policies
    1. Ability to classify data and document retention policies by data/content type –
    2. Ability to specify destruction process and rules by data/content type, i.e.Auto delete cv’s after 6-months; Request authorisation to delete certain document types after xx months
    3. Link to ICO guidelines for data retention by data type – from GDPR Dashboard
  1. Data Breach Log & Subject Access Request Log
    1. Classification of type of breach
    2. Date/time/user stamps for all stages of the process
    3. Auto-assignment of reference
    4. Escalation / notifications
    5. Status allocation
    6. Reason / Justification codes / analysis
    7. Response Times logged
    8. Ability to attach supporting documentation
    9. Link to Organisational Policy / Statement
    10. Link to ICO guideline page
    11. Template response statements / letters / emails – based on type of breach
    12. Escalation path defined
  1. GDPR Management Dashboard

          High level (with drill-down to specific detail) GDPR dashboard display an organisations GDPR status in relation to their employees:% of employees not signed-up to GDPR relevant policies

  1. % of employees who have not undertaken training relevant to an Organisations GDPR policy
  2. Number of Live Subject Access Requests – Depicted by status
  3. Number of Overdue Subject Access Requests – in relation to pre-defined action status time parameters
  4. Number of Live Data Breach Logs – Depicted by status
  5. Number of Overdue Breach Logs – in relation to pre-defined action status time parameters
  6. Number of Breach Logs resolved and not resolved within the policy timeframe over the last year
  7. Number of Subject Access Requests over the last year – upheld and rejected
  8. Number of Reported Data Breaches over the last year – substantiated and unsubstantiated
  9. Number of Data Breaches resolved and not resolved within the policy timeframe over the last year

 

If you would like a demonstration of our Apps then please either call 0114 321 6104 or email info@pointsolutionsuk.com