As mentioned before, our approach is to work in partnership with clients and therefore we feel it is important for us to share our GDPR journey with you, so that you feel reassured that we are all in this together and learning each step of the way. One part of this journey was Kirsty and Jo embarking on a certified GDPR training course, so that they can become the GDPR gurus at FusionHR. Well, that journey has now begun…
Picture the scene: it’s a cold, dark, snowy morning, and an enthusiastic Kirsty and Jo are standing outside the park and ride and then trying to negotiate their way onto the bus with the Leeds commuters. This is where their GDPR journey begins. After flying (literally) down the stairs of the bus and navigating their way through Leeds, Kirsty and Jo arrive for a full day of their accredited EU GDPR Foundation Course.
Whilst we could go through the 6 plus 1 data protection principles and 8 rights of data subjects etc., we thought you might want to take a little journey with us and work through GDPR together. So how does the story continue…
After a gruelling 8 hours of training, followed by an examination (which you will be pleased to learn they passed), their minds were going into overdrive. After a restless night’s sleep dreaming of data protection, Kirsty and Jo have gone into action mode and started the next part of their journey. How???
Whilst things were fresh, they locked themselves in the training room and started working on a data protection inventory for FusionHR (as an employer), alongside Ben, our Data Protection Officer. We have determined that, as the employer of the FusionHR team, we are a Data Controller. As a controller, we need to determine the purpose and means of processing personal data. Simply put, this means we need to identify:
- WHO – Who are we collecting data on? Who will be processing the data for us (i.e. who is the data processor)?
- WHY – Why do we need the personal data?
- TO WHOM – Who are we sending the personal data to?
- WHAT – What data is needed? What data do we hold?
In addition to the above, we need to make sure that appropriate safeguards are in place to ensure the security of personal data.
Following a couple of brainstorming hours, they identified (albeit in draft) some quick wins. These include, for example, ensuring that all mobiles are set to lock automatically after 30 seconds and that “Find My iPhone” is activated, so that the content can be deleted in the event a phone is lost or stolen. We have also identified other areas that need to go on the “wish list” for further consideration / development.
As you can see, GDPR has already taken its toll on Kirsty and Jo, and Ben is having to prop them up. However, we are confident that we will get to the end of the journey successfully! Make sure you read Ben’s top tips on where to start if you are feeling overwhelmed by GDPR. He’s a Yorkshire lad who explains it in plain English!