Preparing for the General Data Protection Regulation (GDPR)
by Abisheg Suresh
It is imperative that all companies understand how the GDPR will impact their HCM systems, data and processes.
he General Data Protection Regulation (GDPR) goes into effect in May 2018 and will introduce stricter requirements around data consent, data transparency, and the handling of personal data. All organisations (irrespective of the organisations location) that collect and process personal data of individuals who are within the European Union need to comply with this new law.
So, do I need to be compliant?
The answer is a simple ‘YES’.
As mentioned earlier, all organisations that use personal data need to be compliant with this new law. Personal data in this case is any information relating to an identified or identifiable person. So even if it is the local watch repair shop that would need your name, address and phone number- they will need to make sure that everything according to GDPR is adhered to.
With SAP’s commitment for data protection, SuccessFactors has extended the existing products to stay compliant with the new legislation.
For ease of understanding, personal data has been classified into 3 phases during the employee life cycle:
- Active: The phase during which data is processed for its specific purpose;
- Retention: This is the phase after which data is not processed actively, but being held for specific purposes or for display purposes only;
- End of Use: This is when data is no longer required in the system and can be purged.