GDPR (General Data Protection Regulation) overview and considerations for HR Managers
– Friday 17th November, Irwin Mitchell, Riverside East, Sheffield.
9.30 – 12.00 (registration from 9 am)

This joint session delivered by Irwin Mitchell and PointSolutions will highlight the key review and action points for organisations in adapting organisational policy to address the requirements of GDPR. The session will focus on the specific requirements surrounding employee data, employee rights and organisational obligations.

Claire Stockill (Solicitor at IM) will present an overview of the GDPR update, which will include a discussion of:

  1. The lawful purposes for processing under the GDPR and why consent is not always the best way to legitimise your use of personal data, particularly in an employment context
  2. The transparency requirements and what you need to be telling individuals (members of staff) about what you are doing with their data
  3. Data retention and the need to have a policy in place setting out how long you will keep different types of personal data
  4. The need to review your data sharing arrangements and your contracts with third party data processors
  5. Training your staff about GDPR and appointing a Data Protection Officer
  6. Carrying out Privacy Impact Assessments
  7. The rights of individuals, including subject access, data portability, the right to be forgotten
  8. Data breaches and the new compulsory notification requirements
  9. Damages and fines for non-compliance

Mark Walsh (PointSolutions MD) will present how HR system functionality can aid compliance strategy. This will include:

  1. GDPR Policy Tracking
  2. GDPR Training Tracking
  3. Employee Data Management
    - eDiscovery: ability to quickly identify relevant information from all sources (documents, databases, emails, social posts etc.)
  4. Employee GDPR User Interface
    - Security Map: ability for employees to view who can see their data and at what level
    - Data Process Map: ability for employees to view a high-level data flow (by process) so they can understand who ‘touches’ their information and where it ultimately ends up
    - Data Update Logs: ability to view version logs showing who updated their data and when
    - Ability to log a Data Breach
    - Ability to log a Subject Access Request
  5. Data Retention Policies
    - Ability to classify data and document retention policies by data/content type
  6. Data Breach Management Module
    - Deadline to respond, with the date to notify the ICO diarised (i.e. 72 hours after becoming aware of the breach)
  7. Subject Access Request Management Module
    - Deadline to respond, diarised (i.e. one month from the date on which the request is received under GDPR as opposed to 40 days under the Data Protection Act)
  8. GDPR Management Dashboard

This is an invitation-only event and capacity is limited, so please register asap to ensure attendance.

Book here