The General Data Protection Regulation or as we like to think of it Get Data Protection Right has been in place since May 2016 and will be enforced from May 2018.
By the very nature of our business, Meridian Business Support holds a lot of personal data. We need this data in order to find work for our candidates and to find the right candidates for our clients. For our temporary workers we also need this data in order to pay them every week.
Meridian Business Support takes data protection very seriously. From a technical perspective, the servers which hold our electronic data are held in a secure data centre which has appropriate physical and electronic security measures in place. All of our computer systems are kept up to date with security patches and fixes.
At our branch locations we need to ensure that we keep paper copies of documents to a minimum, but where these are needed we keep them securely locked away and have them securely destroyed when no longer required. We are currently reviewing the processes in all of our locations to ensure this is being done.
We inform our staff about GDPR in a number of ways. All new staff undergo an induction course which includes information about required legislation including GDPR. All staff will be required to take an online GDPR course to ensure they know the principles of the regulation and we have an ongoing program in place to remind staff of their responsibilities.
Where we need to pass personal data onto third parties for further processing, we are currently working to ensure that those partners are GDPR compliant and have sufficient security measures in place to safeguard the data.
Meridian Business Support works closely with our trade body the Recruitment and Employment Confederation (REC) whose legal team offer practical advice regarding GDPR. We have had a place on their GDPR working party to ensure that we get the best advice possible.
We work hard to ensure that we follow the GDPR’s six main principles:
- Data to be processed lawfully, fairly and in a transparent manner
- Data is collected for specific, explicit and legitimate purposes
- Data is adequate, relevant and limited to what is needed
- Data is accurate and where necessary kept up to date
- Data is retained only as long as necessary (subject to other legal requirements)
- Data is processed in an appropriate manner to maintain security
Overlaying this is the principle of accountability when everyone from the board of directors to the newest trainee takes personal responsibility for looking after any personal data they are required to handle in their day-to-day work.
GDPR is an ongoing process. While May 2018 is a key date because that is when enforcement starts, it is not an end date and Meridian Business Support is committed to keeping the personal data we are looking after safe and secure.