Ensure GDPR compliance in your internal communication strategy

Learn how to ensure RGPD compliance in your internal communication strategy

The General Data Protection Regulation, commonly known as the RGPD, is the reference text at European level for the protection of personal data at all levels. From the private circle to the business environment, the data must be protected. As an employer, it is your responsibility to enforce this social right in your internal communication strategy.

How do you ensure that your internal communication strategy is consistent with the GDPR?

The challenges of the RGPD, for internal communication and human resources
The new obligations imposed by the RGPD being the right of the employees vis-à-vis their data. Indeed, they will be entitled to request their deletion or modification. In addition, the organization will have to inform them of their use, their retention period and whether these data are going to leave the company or the country.

Specifically, the effects of the RGPD are felt from the recruitment phase, with data retention of all candidates until the exit of an employee of your workforce via the backup for a given time of the medical file for example. To achieve this, the digitalization of HR practices seems to be unavoidable since it allows automatic deletion of data collected after a certain time.

Protection and processing of personal data of employees

The RGPD obliges the employer to inform his employees about all the data retained and their purpose through a specific paragraph in the employment contract, for example. Nevertheless, at any time the employee can request a direct access to his data and make a correction. In addition, the employee can simply refuse his data are collected. In this case, the company can invoke its legitimate interest in order to continue this collection.

Of course, the right to be forgotten is applicable in all areas where personal data may be used. However, in an enterprise, an employee can not invoke it if the data is useful and its purposes are not commercial, for example. In order to do this, an automatic deletion system must be set up in order to make the data disappear after a defined period known to the employee.

Actions to put in place in the internal communication plan

This measure, which has been applicable since May 2018, requires an internal communication campaign to inform employees of their rights, but also to explain to them what the GDPR is. Through an information note or an internal event, you can inform your employees to make them aware of the RGPD. If your company has an intranet, an article in the internal journal or sending a newsletter can be a way to inform all employees.

In addition to being a means of informing and integrating employees into this data protection approach, this communication campaign within your organization values ​​your employer brand.

In the digital age, the emergence of a text like the RGPD seemed inevitable. In fact, with the new systems for collecting data from employees and their ability to keep them for the long term, companies have had to deal with new issues related to the retention period, but also the accessibility of these data.