GDPR: Should you

be emailing employee

documents?

Webinar

Your Webinar Team

Presenting today.

Housekeeping

35 Minutes – presentation from our experts.

10 Minutes – for your questions.

Please use the Question feature to post questions at any time.

Mike Green

Chief Information

Security Officer

Karensa Maton

Multi-channel

Product Manager

Glyn King

Group Managing

Director

What is GDPR?

Key Facts

GDPR come into force 25th May 2018. Yes, despite Brexit GDPR will still apply to the UK.

GDPR applies to all companies worldwide that process personal data of European Union (EU) citizens.

Enforcement for non-compliance is now backed by significant fines of up to €20m or 4% of group annual global turnover.

The General Data Protection Regulation (GDPR) will replace the Data Protection Act. In many ways it’s similar, but GDPR gives individuals better control over their personal data and requires organisations to put data privacy higher on the agenda.

The ICO’s 12 Steps to prepare for GDPR

Awareness Educating decision makers about GDPR and its impact

Data audit

Understanding the data you hold and process

Privacy

Reviewing privacy notices and making changes where needed

Individual rights

Understanding the rights individuals have

1

2

3

4

Subject access requests Develop procedures to handle requests within new timescales

5 Lawful processing

Identifying your right to process personal information

Consent Checking if consent is needed

to record, manage and store employee information?

Children checking if parental/guardian

consent is need to process info held on children.

Data breaches Designing procedures to

detect, report and investigate a personal data breach.

Data Protection Impact Assessments (PIA)

Understanding how and when to implement them.

Data Protection Officers Determining if you need a DPO

and recruiting one.

International

Learning what you need to do if operating in more than one

EU member state.

12

6

11

9

7

8

10

Why are you emailing employees documents?

The world will not end on 25th May 2018.

Let’s help you separate the fact from the fiction.

THE PDF BUBBLE IS ABOUT TO BURST!

Why emailing is being called in to question?

There is nothing in the GDPR that explicitly says you can’t email documents to employees.

So why all the fuss?

GDPR Says: Data controllers and processors are required to “implement appropriate technical and organizational measures” taking into account “the state of the art and the costs of implementation” and “the nature, scope, context, and purposes of the processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.”

The GDPR provides specific suggestions for what kinds of security actions might be considered “appropriate to the risk.

Email origins

What protection does a password give?

Security through design

Retention periods

The Right to be Forgotten

Consequences

Why emailing is being called in to question?

45% of UK adults (19.5 million accounts) have ‘ghost’ email

accounts that are active but no longer used.

The responsibility of You and Your Data Sharing Partners.

In September 2017 the Information Commission’s Office (ICO) reported 46% increase in

breaches related to email.

Email was never designed to be secure and data lacks protection

in transit and at rest.

Are your email servers protected? Who has access to your data?

Where in the world is it stored?

Email encryption

Controller & Processor

Deleting data that is no longer required in the correct timeframes. 21% of consumers said they

will request for personal data to be removed from current or

previous employers.

GDPR

6 Principals of GDPR

1. Lawfulness, fairness and transparency

2. Purpose limitations

3. Data minimisation

4. Accuracy

5. Storage limitations

6. Integrity and confidentiality

The Options

Your Options

Least secure Most secure

Email

Personal Intranet

Secure Purl

Secure Portal

Secure Email Password

Protected Email

Secure Purl

The secure alternative to emailing documents.

Secure Purl.

Putting information at their

fingertips.

No registration required

Users view their document with a pass

code created from memorable data .

Reliable hosting

We ensure the document is available

when your contact wants to view it – from

a secure personalised URL.

Controlled distribution.

You define how long a document is visible

and can withdraw it to comply with data

protection ‘right to be forgotten’ requests.

Tailored alerts

Receive alerts for users who haven’t

viewed your content: allowing you to

prioritise follow-ups for documents

needing an urgent response.

Secure Portal.

Employee communications done differently.

Secure Portal – Epay.

Giving employees access to payroll, HR, reward and pension information in different ways.

24/7 access.

Connect employees to their data around

the clock, every day of the year from any

Internet enabled device.

Increase employee engagement.

Update employees via the message

board. Choose if a message can be seen

by all or select groups.

Present multiple document types.

Host current and historical payslips, P60s,

P45s, reward and pension statements

and more.

Go mobile.

Get your information to employees at

work, home and on-the-go.

Epay.

Why online communications matter.

The Case for Change

Think mobile-first

60% of Epay users access from

mobile and tablet devices.

UK Adults are Internet users

82% use the Internet daily and usage

is strong in all age groups.

96%

98%

95%

89%

82%

47%

16-24

25-34

35-44

45-54

55-64

65+

Ag

e G

rou

p

Summary

+44 (0)1246 543000

sales@datagraphic.co.uk

datagraphic.co.uk

Take away Review what personal employee information you communicate.

Review how you communicate and store personal employee information.

Satisfy yourself you are using the most secure means of transmit and storing information.

Implement secure alternatives if required.