European Institute of Management and Finance | Data Protection Practices for the Human Resources Function
product-template-default,single,single-product,postid-62809,woocommerce,woocommerce-page,woocommerce-no-js,ajax_fade,page_not_loaded,,columns-4,qode-child-theme-ver-1.0.0,qode-theme-ver-6.7,wpb-js-composer js-comp-ver-4.12,vc_responsive

Data Protection Practices for the Human Resources Function

Data Protection Practices for the Human Resources Function


Over the past few years GDPR has been a topic of wide and heated discussions in various business sectors, governments and civil society. Two years after its legal enforcement, organisations and data controllers still face numerous challenges around ensuring and demonstrating GDPR and data protection compliance, interpretations and desired outcomes, including within the HR Function.


This workshop looks at a “compliance theme” in the human resources function. It offers insights into this specific and important challenge that all organisation face, i.e. data protection processes and practices related to employees’ personal data and human resources.


The workshop will offer and analyse practical insights, case studies and best practices on how to address these crucial areas of compliance in order to avoid both internal and external issues as well as the possibility of fines or penalties.


The course will also examine existing privacy policies and standard documents (hypothetical, real or examples form participants’ own organisations) related to the processing of employee personal data and employee monitoring, in order to evaluate their effectiveness, suitability and the level of compliance with GDPR. In doing so, the course will analyse the notion of consent in employment and data subject rights applicable to the HR function. In particular, the course will focus on the employee data access rights and the right to erasure, as these are ones that employees will attempt to exercise more frequently. Moreover, the course will look at key principles and examples of data protection impact assessments insofar as they refer to employee personal data.



Training Objectives


By the end of the programme, participants will be able to:


  • Enhance their understanding of ensuring and demonstrating GDPR compliance in the HR function
  • Comprehend principles of good compliance practice and apply them to practical examples and their own practice in the workplace
  • Understand legal issues surrounding employer obligations and employee data processing and monitoring
  • Consider data subject rights in work, in particular, the right to access and the right to erasure
  • Examine their existing privacy policies and standard documents related to employee monitoring and consider their effectiveness and suitability



Training Outline


Date Protection Compliance:


  • Employee data processing and monitoring – introduction, principles and case law
  • Employee consent under GDPR
  • Data subject rights at work
  • Data subject access requests in employment
  • Retention and erasure of employment records
  • Employee monitoring: how to avoid common pitfalls
  • GDPR compliance for employers: checklist
  • Data protection impact assessments and employee personal data
  • Employee privacy notices and other relevant standard documents



CPD Recognition


This programme may be approved for up to 7 CPD units in GDPR, Data Protection and Privacy Management. Eligibility criteria and CPD Units are verified directly by your association, regulator or other bodies which you hold membership.


Professionals requiring CPD units to meet the education requirements for an occupational licence renewal, and/or for maintaining other professional memberships/certifications which accept CPD in GDPR and/or Privacy Management, are advised to consider training subjects in categories that indicate CPD training in GDPR and Privacy Management.



Training Style


The programme is designed to deliver knowledge and enhance participants’ skills using a variety of learning methods. The programme includes short lectures supported by power-point presentations and handouts that aim to explain the main principles and issues while providing the ground for in-depth analysis and debate.


Participants will have the opportunity to pose questions and further discuss during the Q&A section of the seminar. They will also benefit from group work, possibly in a world café style, where they will be called to brainstorm and offer their views for the matters discussed. Participants will also be able to discuss their own practices and policies, should they wish to, or analyse fictitious and real-world examples.



Who Should Attend


The programme is ideal for:


  • HR Professionals (Officers, Managers, Senior Managers)
  • Compliance Managers and Officers
  • Other Department’s Executives, Managers and Senior Managers
  • Internal Lawyers
  • Security Officers
  • Data Protection Auditors (internal and external)
  • Data Protection Professionals
  • Managers of start-ups and digital businesses
  • Anyone who collects, processes and maintains personal data