Board Agenda

GDPR and staff data: the final countdown

by Lucy Trevelyan on January 25, 2018

General Data Protection Regulation comes into force in May, with sweeping new requirements for businesses that handle personal data.


Businesses across the EU have just four months to prepare for the implementation of General Data Protection Regulation (GDPR).

The new regulation—which will take immediate effect from 25 May 2018 without any need for domestic law ratification—introduces sweeping new requirements for companies handling personal data.

Sybille Steiner, partner at law firm Irwin Mitchell, said that organisations need to conduct a data audit to identify areas where action needs to be taken to ensure compliance.

“Businesses need to understand the data held within the organisation, where that data comes from and where/how it is stored, what happens to it while it is within the organisation and when and how it is deleted.

“Where any areas of non-compliance are identified, or where activities pose a risk, the business will need to formulate a plan to address them.”

GDPR requires organisations which process data—whether internally or externally—to obtain “specific, informed and freely given” consent from individuals whose data is being processed. This means businesses need to check their consent practices and existing consents and refresh them if they don’t meet the GDPR standard.

Consent requires a positive opt-in; pre-ticked boxes or any other method of default consent will not suffice, and consent requests should be kept separate from other terms and conditions.

Steiner said that it is common for businesses to have general “catch-all” consent clauses within employee contracts or data protection policies.

“These will no longer be valid forms of consent and businesses need to review employment contracts and policies to decide whether consent should be relied upon at all and if yes, in which form.”

Data protection review

Data protection policies need to be reviewed, she said, and should clearly set out:

  • what personal data is and why data protection is important;
  • information about the collection and use of personal data, on what basis and why this is processed;
  • what the data rights of employees are and how the employer will ensure these are upheld;
  • how data breaches are dealt with; and
  • the consequences, for the business and individual, of non-compliance.

“The written policy should also set out when and how specific categories of personal data are deleted,” she added. “It should include the new ‘right to be forgotten’, requiring data processors to delete personal data where the data is no longer necessary for the purpose in relation to which it was collected, consent has been withdrawn or if the data was processed in breach of the GDPR.”

All staff should be trained in handling data, she said, and businesses should have an internal reporting procedure in place to ensure they abide by the GDPR duty on all organisations to report any data breach within 72 hours.
