The General Data Protection Regulation (GDPR) will affect how the EU handles and secures the private information of its users. GDPR identifies three distinct categories within its scope, over which it has power: Data Subject, Data Processor and Data Controller. The two central tenets of GDPR which empower the data subject are the “right to access personal data” and the “right to be forgotten.”
A regulation of this scale is certain to affect many areas, and categories pertaining to front-end services like HR will be strongly impacted.
GDPR and HR Services
Within the category of HR services, the focus lies on the individual as a part of the collective workforce. This means the personal data of these individuals is directly influenced by GDPR.
The direct implications of GDPR on HR services might seem obvious when it comes to the storing of employee information. Companies will need to be able to easily delete and transfer data on the request of the employee.
Impact of GDPR on Sourcing of HR Services
• Direct Sourcing Implications
Services and products that were previously bought with the focus on the storage of personnel information will now have a focus on the storage, consent given and deletion options. Tools that do not have these options will have to implement them, which will drive up the price.
It will also drive more competition in the field, since organizations will switch to suppliers that already offer these options in their service (rather than changing their current system).
In addition, organizations should showcase how they can remove the data of an individual within 48 hours of a request. This means any software tool used for the storage of personal data should have clear instructions on how this data can be deleted, preferably in an automated format. The importance of these instructions will affect the choice of software tool for large enterprises.
• Digitization and Automatization in HR Services
Popular SaaS-based platforms that allow for the storing and accessing of employee data, such as the ones used by HR departments globally to monitor employee performance, contingent workforce as well as pay slips and pension planning, will now need to have the ability to access and delete data upon the request of the individual.
• Top Modifications Category Managers Must Implement
All currently stored data, the necessity for storing it, and existing policies must be reviewed. Once a redundant policy or tool module is identified, removal is necessary. This will not be possible in all cases, which will mean that organizations must change their systems and corresponding vendors to GDPR-friendly systems.
It is most likely that category managers in the HR category will need to collaborate intensively with their internal HR department to align their focus and determine how current services and products can be changed and adapted, and how future needs must be adjusted to fit the new legislation.
How Can Procurement Add Value?
GDPR could also see the emergence of a new stakeholder into HR services. Many companies will need to appoint Data Protection Officers (DPOs) who are responsible for overseeing the business data management systems and monitoring compliance with the GDPR.
The onus is on procurement to be the harbingers of change, thus minimizing and effectively managing data protection risk in the supply chain. Under the new regulation, companies will also need robust supplier risk management processes in place for managing third-party relationships and assessing the risks to which they’re exposed.
While the GDPR will affect almost all players, it could be an opportunity rather than a threat. It nudges travel businesses to build trustful relationships with customers providing valuable propositions to them. It asks recruitment companies to be more efficient and reduce redundancy in storage of candidate data. Companies’ data strategies could become simpler and more streamlined as they clarify their objectives and focus on mining essential data only.