How will the GDPR affect me as an employee?

The EU General Data Protection Regulation (GDPR), which comes into effect in less than two months, represents a dramatic departure for EU regulators from the previous directive on data protection. 

For organisations, it will mean establishing strict procedures when handling clients’ and customers’ data.  

But what does the GDPR mean for the average employee, and how will it affect them?  

Nicole Flannery, senior manager for Deloitte, suggests that the GDPR will affect employees in two ways: “Firstly, in their employment capacity with their organisation where they process personal data as part of their everyday roles and responsibilities. Secondly, where their organisation collects and processes personal data specific to the employee themselves.”  

According to Flannery, employees should ensure there is complete transparency when it comes to their personal data. They should also be notified of any internal processes that might impact their personal data directly.  

As the GDPR approaches, many organisations will get caught up in the processing of external data and may forget about their internal procedures and obligations to employees under this new law.  

“Employers need to ensure that their GDPR compliance programme includes the fact that employees are data subjects too, with the exact same rights,” said Flannery. “It is surprising how often employee personal data is overlooked within these programmes of work. 

“It is important to also note that the recently issued Irish Data Protection Bill stipulates that requesting an individual to make an access request for the purposes of recruitment, continued employment or a contract for the provision of services will be an offence. 

“The bill calls out a number of instances where criminal sanctions will be applied, including in the case of offences committed by directors, managers, secretaries or other officers of an organisation which are proved to have been committed with the consent, connivance or negligence on the part of these employees. In addition, it is an offence for employees to obtain or disclose any personal data without the authority of their employer.” 

Employees within an organisation who are responsible for processing client’s personal data should be fully up to date with their company’s GDPR compliance programme and how it will affect how they collect, process and access personal data.  

Putting the GDPR into practice 

Those who want to learn more about privacy by design and the other requirements of the GDPR should consider enrolling on our Certified EU General Data Protection Regulation (GDPR) Foundation and Practitioner Combination Course. 

This five-day course provides a comprehensive overview of the GDPR and gives you practical advice on planning, implementing and maintaining a GDPR compliance programme. It’s delivered by an experienced data protection practitioner, and is ideal for both managers who are already involved in data protection and individuals who want to get started in the field. 

Those who want to learn more about privacy by design and the other requirements of the GDPR should consider enrolling on our Certified EU General Data Protection Regulation (GDPR) Foundation and Practitioner Combination Course. 

This five-day course provides a comprehensive overview of the GDPR and gives you practical advice on planning, implementing and maintaining a GDPR compliance programme. It’s delivered by an experienced data protection practitioner, and is ideal for both managers who are already involved in data protection and individuals who want to get started in the field. 

Find out more about our Certified EU GDPR Foundation and Practitioner Combination Course >> 

 

2 Comments

  1. T D 9th April 2018
    • Niall McCreanor 25th April 2018

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.