GDPR: It affects pay and benefits
The General Data Protection Regulation (GDPR) is a regulation the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union.
Although on 29 March 2017 Prime Minister Theresa May triggered article 50, dictating that by 29 March 2019 Britain will leave the EU, between these two dates (25 May 2018) GDPR will take effect.
This means that GDPR will affect SME’s in the UK and compliance will be required. (Potentially with hefty penalties levied if not)
Furthermore, on 21 June 2017 the UK Government revealed its legislative programme for the coming two years. The Government confirmed its intention to bring the EU General Data Protection Regulation (the “GDPR”) into UK law, ensuring the country’s data protection framework is “suitable for our new digital age, allowing citizens to better control their data.”
All in all, it is happening and everybody needs to be ready.
Why is GDPR being introduced?
The current legislation, The Data Protection Act, was introduced in 1998, practically a lifetime ago (You may employ people who weren’t born!).
In 1998:
Titanic was the highest grossing movie.
Celine Dion sold the most singles.
The FDA approved Viagra.
Google was founded.
The Euro didn’t even exist.
Jump forward nigh on 20 years and the world has changed somewhat. With the increase in data held, and the looming threat of cyber attacks, it is no wonder the EU is introducing more appropriate regulation governing how companies hold, protect and share personal data.
So what does this mean for SME’s?
Natasha Jones, Director of Legal Services at Effective Law Group, says:
‘Historically, HR departments may only have had held personnel files, now they are likely to have a huge amount of employee data held digitally, including activity on smart phones, tablets and even wearable technology.
I expect that in many cases neither the employees nor their employers have a grasp on how much is held and how it is used. It is vital that employers get firm grasp of the information they hold, and simultaneously how they share data with third parties like employee benefits advisers, and pension advisers in light of auto enrolment.’
As a result all employers, no matter their size, should act.
1. Examine existing practices and information held.
2. Assess what data to hold moving forward and how to hold it.
3. Review the way existing staff and future employees agree to share data. Clearly drafted comprehensive privacy notices may be required.*
*This may mean seeking legal advice
How does this impact pay and benefits?
In the future it is likely that employees will have to opt in to employee benefits and allow their data to be shared, rather than being automatically included.
In my view this increases the need for communication with employees to highlight the merits of any benefits you may offer, and to identify what benefits they would value most.
With out undertaking this step you may find uptake of your offering diminishes and as a result the positive good will you intend to generate my be lost.
At Parsonage we are introducing a secure portal to enable the encrypted transfer of data between client and adviser (and vice versa), along with secure document storage to ensure our clients can be confident their employees personal data is secure and appropriately handled.
We also have in house researchers ready help you gain insight in to your employees preference to stand you in good stead to deliver an effective employee benefits program.