The General Data Protection Regulation, also known as GDPR, came into effect in May 2018 and with it came large amounts of uncertainty, frantic preparation and four words everyone cringed at, “are you GDPR compliant?”. The strain was arguably felt nowhere more than those working in HR departments, who strove to get their sensitive data and practices in line often under heavy pressure and within short time constraints.
Has the regulation changed the way we approach our work and our daily lives a year later? With the exception of websites allowing you to select your cookie preferences, not much seems to be different. I’ve even heard HR managers at companies say, “GDPR is old news – nothing’s changed, most people have forgotten it, and no one really knows what being compliant actually means. We don’t need to worry about it.”
In its build-up, many people anticipated life after GDPR to be populated with crippling fines, hitting big and small companies alike. Companies complied only because they were forced to, potentially not realising the inherent benefits they were actually gaining.
Yet, what most people at the time don’t realise is that beyond protecting your company from bad publicity and big fines, GDPR has helped HR departments and companies, whether deliberately or inadvertently, become more efficient and more proactive in terms of their business practices.
I’ve even heard HR managers at companies say, “GDPR is old news - nothing’s changed". What most people don’t realise is that GDPR has helped HR more than they know.
GDPR in a nutshell
Boiled down to its very essence, GDPR is about keeping the data you store up-to-date, available to its owners and those who legally can access it, and hidden from everyone else. Every individual within the EU has clear, reasonable rights. They have the right to access their own data, the right to correct it, and the right to remove it. As I have written before, compliance with GDPR simply means having up-to-date data available for those who need it – and that’s why I actually love GDPR.
Was the fuss worth it?
Like most governmental organisations and watchdogs, processes and decisions take a long time. Only a few cases of huge companies and corporations receiving fines have been published, such as British Airways and the hotel group Marriott.
Unlike its other European counterparts, the Nordic countries have sparsely seen any fines come their way. Perhaps the stand out case in the Nordics comes from Denmark, where the GDPR authorities carried out a supervisory visit to a Danish furniture company and proposed a fine of DKK 1.5 million for the company’s failure to delete data about 385,000 customers.
The GDPR establishes that personal data must be stored in such a way that data subjects cannot be identified for longer than is necessary for the purposes for which the personal data are processed.
By failing to indicate when personal data is no longer necessary for processing purposes, the company didn’t delete the information, meaning they were in breach of GDPR regulations.
Being passive with your storage and usage of data means not only are you in breach of GDPR, but you’re missing out on potentially huge business benefits. Before GDPR, only those who understood the true value of data were the ‘winners’ but now the regulation has inadvertently leveled the playing field as it forces people to dive into their data.
Better data means better business decisions
Shifting your mindset about relevant people data can provide enormous business value as the ‘GDPR-way’ of handling the data can support your business in many ways.
Previously, HR’s main responsibilities used to be mostly administrative tasks and keeping the staff motivated. Nowadays, with new regulations such as GDPR coming in that affect the business as a whole, HR is increasingly becoming a strategic asset that enables more efficient processes that contribute to the overall competitiveness, performance, and profitability of the organisation.
The true benefits of up-to-date data
Having up-to-date people data not only means you are GDPR compliant, but it also means that you have better data so you can make better business decisions. To be honest, most payroll or HR systems are not built to handle the changing demands for people data or even data transfers between the different systems companies use.
Lack of versatility often results in organisations and individuals creating new files (like spreadsheets) or acquiring several systems for managing personal information. Without integrations and connectivity, this means having mounds of outdated offline data across several different places. Providing an individual a record of all critical people data is strenuous if not impossible.
Better decisions based on correct data mean a better foundation for the future, fewer security problems, and more time for better processes.
Support your organisation’s long-term strategy with GDPR
New regulations such as GDPR force companies to begin new dialogues about how the law is going to affect them, what steps they need to take and what the fallout is going to be. GDPR raised awareness about privacy and how personal data is managed in the company, i.e. who has access to what information and why.
Discussions like these can and should originate from the HR department, and the impact of these discussions are bound to have a hefty impact on the rest of the business. GDPR highlights how HR can support and develop the organisation and its long-term strategy, moving away from its previous admin-focused role towards a business-wide strategic asset.
So, looking back – what has actually changed after GDPR?
GDPR has had a bigger effect than we can ever know or put a number on. At a minimum, it has forced businesses to create an open dialogue about how they store data. Through better analysis of your data, you may find more business opportunities that can profit your business.
Those companies who have been negligent or hesitant becoming compliant and proactive in their data storage may soon become more encouraged to act when more and more GDPR fines and penalties emerge through the woodwork.
Overall, GDPR has been a welcome change that hopefully results in personal people data being stored in fewer systems with higher security. Besides security, such changes will likely mean less maintenance work for HR as well – and that is what we at Sympa love!