Find out how to ensure RGPD compliance in your internal communications strategy

The General Data Protection Regulation, more commonly known as RGPD, is the reference text at European level. In terms of personal data protection, and at all levels. From the private circle to the professional environment, data must be protected. As an employer, it's your responsibility to enforce this social law in your internal communications strategy.

How can you ensure that your internal communications strategy complies with the RGPD?

The challenges of the RGPD for internal communication and human resources

The new obligations imposed by the RGPD being employees' rights vis-à-vis their data. Indeed, they will be entitled to request their deletion or modification. In addition, the organization will have to inform them of their use, how long they will be kept and whether this data will leave the company or the country.

In practical terms, the effects of the RGPD are felt from the recruitment phase. With the retention of data on all candidates until an employee leaves your workforce. Via the backup for a given time of the medical file, for example. To achieve this, the digitization of HR practices seems unavoidable. Since it enables automatic deletion of the data collected after a certain period of time.

Protection and processing of employees' personal data

The RGPD obliges employers to inform their employees about all the data stored. And their purpose through a specific paragraph in the employment contract, for example. Nevertheless, at any time the employee can request direct access to his data. And rectify it. In addition, employees can simply refuse to have their data collected. In this case, the company can invoke its legitimate interest in continuing to collect the data.

Of course, the right to be forgotten applies in all areas where personal data may be used. However, in a company, an employee cannot invoke this right if the data is useful. And for non-commercial purposes, for example. In order to do this, an automatic deletion system must be set up. This means that the data will disappear after a defined period, known to the employee.

Actions to be included in the internal communication plan

This measure, applicable since May 2018, requires an internal communication campaign in order to inform employees of their rights, but also to explain what the RGPD is all about. Through an information note or an inthttp://tvymwnt.cluster100.hosting.ovh.net/produits/communication-interne/erne event, you can inform your employees in order to RGPD awareness. If your company has an intranet, an article in the in-house journal or the sending of a newsletter can be a way of informing all employees.

In addition to being a way of informing and integrating employees into this data protection approach, this communication campaign within your organization itself enhances your employer brand.

In the digital age, the emergence of a text like the RGPD seemed inevitable. Indeed, with new devices enabling the collection of employee data and their ability to store it durably, companies have had to face new issues linked to retention time, but also the accessibility of this data.