Who else is processing your company personal data?
So far, with regard to the HR aspects of GDPR, most businesses have been focusing on how they process the data internally. You may have been looking at IT security access and also at how you deal with your marketing data, but there is one key aspect that may have been overlooked.
Depending on your internal arrangements, you may be passing personal data belonging to your employees to external service providers to process. You may have covered this in your Data Protection Policy or your Employee Privacy Notice – but have you actually checked how the service provider is dealing with the data you pass to them?
These service providers might include: recruitment agencies; payroll; pension; occupational health; independent HR support (such as that provided by Cherington HR); legal advisers; health and safety consultants; insurance providers, etc.
Some of these, for example the big pension providers, may already have written to you to set out how they deal with the data you send them. But if you have smaller service providers from whom you have had no reassurance, you should send them a letter requesting confirmation that they are compliant with the new Data Protection Act and the GDPR requirements.
If you have not yet thought about this aspect of GDPR and need some help working out how you need to manage the data you pass to other service providers, please get in touch today.
Posted on 03 May 2018