GDPR and HR in Belgium
On 25 May 2018, the European Data Protection Regulation (better known as the GDPR) will enter into force. From that day on you can be (heavily) fined if your company does not comply with the GDPR rules and you can owe compensation to people whose rights you can not guarantee.
As soon as your company processes personal data, the company is responsible for it. This means that you must comply with a number of obligations during processing and must be able to guarantee a number of rights. If you are unable to comply with this, you will risk a fine of up to 20 million euros or 4% of your worldwide turnover or a personal compensation of a specific person. Reason enough to limit the risk of errors by acting in accordance with the GDPR.
A lot of personal data are processed in HR, such as in the context of:
- The attendance registration;
- The wage and personnel administration;
- The organization chart of your company;
- HR software / HR tech;
- Pictures of your employees (on the website);
- Cooperation with a payroll agency, the professional accident insurance company, the group insurance, the hospitalization insurance, …;
- The exchange of personal data in the context of a company car;
- Camera surveillance;
- Monitoring of e-mail traffic;
- IP addresses of your employees and customers who connect to your company’s WIFI;
- Track & trace systems;
- Job applications;
- Trade union membership;
These processing operations are certainly not prohibited by the GDPR, but you are expected to provide adequate protection for these data, you are not allowed to collect more data than necessary, you must have a legitimate basis for this processing, appropriate organizational measures, etc. …
In addition, as an employer you will have to ensure that your employees also comply with the GDPR rules and guarantee the necessary protection with regard to the data of your customers. This can often be arranged in policies and within the work regulations.
We would like to share our own experience with you. We can support you in particular with:
- mapping out all the personal data that your company processes;
- linking appropriate practical measures to ensure that your company is GDPR-compliant;
- bringing all your legal documents into line with your practical measures and the legal requirements of the GDPR.
In addition, you will also get a better view of how your employees collaborate and how you can optimize your processes.
Do not hesitate to contact us!