Privacy by design prevents data headaches later

DOI: https://doi.org/10.1108/SHR-01-2017-0008
Published date: 10 April 2017
Pages: 100-101
Author: Nancy Dickie, Andrew Yule
Subject Matter: HR & organizational behaviour, Employee behaviour

Nancy Dickie and Andrew Yule

Nancy Dickie is based at Winckworth Sherwood LLP, London, UK. Andrew Yule is Partner at Winckworth Sherwood LLP, London, UK.

Little more than a year remains before the General Data Protection Regulation (GDPR) comes into force. Many larger businesses and those operating in the technology and data sectors are likely to already be pretty au fait with existing data protection matters and may feel reasonably well prepared for GDPR. But complacency can be dangerous – and it is probably fair to say that many businesses have traditionally taken a fairly reactive approach, with no-one truly taking ownership of ensuring that data protection principles are embedded within their organisation.

Under the GDPR, a passive or reactive approach will not pass muster and will potentially expose any business to an intimidating fines regime.

So, where should HR practitioners start with GDPR? The first step is a conceptual one. Accept that personal data are not something or somewhere else; rather, they are engrained in everything your business does – particularly where people are at the heart of the business model (or, of that part of it in which you operate). The GDPR recognises this concept by demanding that data privacy rights are factored into every aspect of your business, where people and their data are involved.

So, just as HR professionals embrace the fact that every decision they make and every policy they implement must be assessed through the lens of discrimination laws, they must now get used to applying a GDPR lens to everything the business plans and does that affects or may involve the processing of employees’ (or anyone else’s) personal data. This is what we mean by privacy by design.

Privacy by design

The concept of “privacy by design” is not new. The UK regulator (the ICO) has recommended the approach as best practice for some time. However, the GDPR goes further – it bakes it into the letter of the law.

Personal data implications can no longer be treated as a discrete element of or a bolt-on to an internal project. Privacy by design demands that you are proactive in addressing the privacy implications of any new or upgraded system, procedure, policy or data-sharing initiative, throughout its planning phase and its full lifecycle. Indeed, it is important to note that GDPR couches privacy by design as an approach to take both at the outset of a project or system and during its operation, again highlighting that data protection considerations are
e-HR
PAGE 100 STRATEGIC HR REVIEW VOL. 16 NO. 2 2017, pp. 100-101, © Emerald Publishing Limited, ISSN 1475-4398 DOI 10.1108/SHR-01-2017-0008
