It’s no secret that the EU’s new General Data Protection Regulation (GDPR) greatly increases information security obligations for companies (and penalties in the case of noncompliance). But given the GDPR’s wide scope, it’s easy to lose track of all the areas where compliance is important.
One such area is the handling of employee information. Key GDPR provisions require heightened consent from, and greater disclosures to, people whose data is collected – including employees, whose personal information is routinely collected by companies. The GDPR also requires internal monitoring of data protection procedures. This means that companies’ human resources teams must play a significant role in ensuring compliance.
Boards should be concerned about these risks, and heads of HR need to be pushing for adequate technical, administrative and operational security measures to prevent data breaches and the exposure of employees’ personal details.