Here at aspire cambridge, we take GDPR very seriously. Claire Dillon, our CIPD-accredited Employment Law expert, HR Consultant and DPO, accepted the challenge and got busy planning back in January. She waded through all the legislation and ICO guidance and came up with an epic “to do” list both for us and our lovely clients.
So where did we begin?
We carried out an Information Audit to determine what personal data we were storing, where we stored it, for what purpose and for how long. We also checked if we had a lawful basis for keeping it. We were also keen to establish if we held any sensitive personal data. We then deleted what we didn’t need or have a reason to keep.
We then checked with our suppliers and database host that they were all working on GDPR compliance. With our minds at peace we started to review our contracts of employment, our Employee Handbook and our policies. Claire, being a legal whizz kid, had this sorted for us in a matter of hours. We now have several policies in place to safeguard the data we hold, to ensure all our employees are aware of the rules and what to do in the unlikely event of a breach.
These policies are:
- Policy on Data Subject Rights
- Data Protection Policy
- Breach Notification Policy
- Data Transfer Security Policy
- Monitoring Policy
- Subject Access Request Form
We also now have revised Privacy Notices for employees and job applicants. In addition, we now have consent forms for current employees, new employees and employees that leave us, as well as forms to make deletion, restriction or rectification requests. Not forgetting the Subject Access Request form and accompanying policy.
A key item on our list was to ensure everyone on our mailing lists was made aware of their new rights and that they may not wish to receive information from us anymore. We used marketing as a key tool to help us find a wide variety of brilliant candidates and we targeted employers to obtain vacancies, or to tell you about our outstanding HR service. Now we only contact those of you who have given us permission by opting in, for example to receive our newsletters and job alerts.
Our website had a revamp: an opt-in option was added to the Contact Us section and our updated Privacy Notice was added.
Finally, we reviewed our Terms of Business with clients and candidates and sent them out, before Claire led a training session for our employees on what’s new, why it’s important and what we need to be mindful of moving forward.
Of course, GDPR is an ongoing process and will become embedded in the way we work. Our focus is on ensuring we don’t hold data we don’t absolutely need, that we keep it safe and that we respect your right to privacy – after all, “placing people first” is a priority and runs deep through the core belief of what we do.
We offer a GDPR Toolkit with all the information you need to follow the right process for your business, including a follow-up meeting and on-going advice and support.
If you’d like to know more, get in touch with us today on 01223 855441.