The GDPR comes into force in May 2018. In summary, it requires that data must be: (a) processed lawfully, fairly and transparently; (b) collected for specified, explicit and legitimate purposes, including data obtained by tracking and recording an individual, such as time and attendance records; (c) limited to what is necessary in relation to the purposes for which it is processed; (d) held accurately and kept up to date; (e) kept for no longer than is necessary; (f) processed in a manner that guarantees its security.
This means that data held in respect of payroll, training, vetting, time and attendance and internal communications – to name but a few areas – will need to be handled more rigorously, with consent obtained from all staff and recorded securely.
What you should do
It’s important your organisation looks ahead to GDPR and lays the foundations to ensure compliance. Your approach should include:
Clients who use TemplaCMS will be able to take advantage of new functionality that will assist companies with their own GDPR conformance. Managing personal data access and erasure will be included in this functionality. We will also be helping clients manage data security when using TemplaCMS Mobile and TemplaCMS Portal.