Companies will need to be more transparent about the management of employee data or risk getting caught on the wrong side of the European Union’s General Data Protection Regulation.
GDPR takes effect May 25 and builds upon existing European data-privacy rules to protect personal identifiable information and to empower the individuals who are the subject of the data. The burden of compliance falls with organizations that hold and process information.
Human resources departments that have relied on employee consent for data processing may need to review their approach, said GDPR experts in London. Under GDPR consent must be given freely and explicitly, with the individual clearly informed of the use of his or her personal data.