On the 25th May 2018 the EU “General Data Protection Regulation” GDPR comes into force. This is new EU privacy legislation, replacing 95/46/EC Directive on Data Protection of 24 October 1995. It will strengthen the rights that individuals have regarding their personal data. GDPR is a big topic for many businesses as it impacts how they manage data.
- Air customers will usually act as the Data Controller for personal data they manage in Air. This means you work out the purposes and processing data.
- Air is the Data Processor who processes data on behalf of you, the data controller.
Your responsibilities as a Data Controller
You are responsible for implementing the right measures to ensure your data is processed in compliance with GDPR. Here are a few guides on HR data:
- Chartered Institute of Personnel and Development’s (CIPD) GPPR overview
- Lawyers Shoosmiths published this “HR and GDPR” guide.
You should also seek independent legal advice relating to your status and obligations under the GDPR. Nothing on our website is intended to provide you with legal advice, not should it be a substitute for legal advice.
To get started with familiarising yourself with GDPR, here are a few tips:
- You can use Air to identify what data you’re holding on employees and compare this to your obligations.
- Review your current HR policies and update them if you need to.
- Read content from organisations like the CIPD for practical tips on how you can get ready.
- Consult a lawyer for legal advice.
Our responsibilities and commitments as a Data Processor
We are committed to implementing appropriate technical and organisational measures so that data processing will meet the requirements of the GDPR.
Our commitments include:
- Latest tech: We use the latest technology and software practicies. This is important as outdated technology often has security flaws.
- Our security: We use Google’s security systems to ensure we keep your data secure.You can read about our security here.
- Features: We provide you with features that hep you manage the data you hold security and simply. You can simply audit the data you hold on employees.
- We follow your instructions: We only process data when and how you request us to do so via the platform.
- Our internal data access procedures: We have strict procedures about who and how our own employees can access data to keep your data safe
- Our agreements with our own staff: All our employees sign NDAs as part of their onboarding process.
- No sub-contractors: We complete all work within our group (Helium Ventures – helium.vc), we don’t use any other companies.
- Data deletion: If you delete any data via our platform this is deleted forever. You can export your data at any time using our Reports feature.
- Data protection officer: Nick Holzherr is Air’s HR Data Protection Officer. Any questions can be directed to him regarding data protection concerns.
- Incident Notifications: We will provide you incident notifications as soon as reasonably possible if we ever experience any security incidents. We have never experienced any before.
- Updated data processing agreements: Under the GDPR we must provide you with a right to audit us. We will offer updated data processing agreements from 25 May 2018, when the GDPR comes into force.
If you have any questions – please don’t hesitate to get in touch with us.