About Us

About Us
BPIF Cartons connects its members together, promotes the unique commercial and environmental advantages of cartonboard and represents the sector to Government, agencies and the general public.

Choose your service

BPIF Cartons, our objectives

Industry Statistics

How Cartons are made

The life cycle of a carton – CartonVille

BPIF Cartons Committes

Partner Trade Associations

Technical Toolkit
Why Cartons?

Why Cartons?
The packaging industry is alive with new challenges and opportunities, with the UK carton sector at the forefront of developments.

Choose your service

Information Sheets

A Sustainable Solution

Carbon Footprint

Ticking all the Boxes
Members

Select Type Of

Membership

Converter Members

Find out more

Partner Members

Find out more
Training and Development

Training and Development
From apprenticeship programmes that ensure companies attract high quality entrants, to development training that guarantees the industry benefits from experienced and highly trained employees.

Choose your service

E-Learning

Apprenticeships

Industry Stars

Foundation Training

TICCIT
Membership Benefits

Membership Benefits
By combining the purchasing power of the industry we are able to offer members excellent products & services at competitive rates.

Choose your service

Insurance

Pensions

Healthcare

RAC

R&D Tax Credits

Energy Management

Member Downloads

Cartons Yearlet

BPIF Cartons Newsletter

Webinars

Extended Producer Responsibility
Events
News

GET THE LATEST UPDATES ON PLASTIC PACKAGING TAX (PPT) - HERE

News

Home / News

News > News Article

January 2018

Will your HR department be GDPR compliant by 25 May?

In an effort to prepare our members for the new data protection regulation, we've reported on the changes through our various channels and have run a number of regional workshops. As a result, you may understand your responsibilities to protect your customer's data, but are you also aware of your Human Resources responsibility?

GDPR
The General Data Protection Regulation (GDPR) will come into force on 25 May 2018 throughout the EU and will replace the Data Protection Directive, which is implemented in the UK through the Data Protection Act 1998. The implementation of this regulation will not be impacted by the UK's vote to leave the EU.

The GDPR will apply to 'personal data', meaning information that relates to an identifiable person, and will include any information held in paper files or electronically, including information that may be held outside the EU (for example a HR database or outsourced payroll). The GDPR will regulate the 'processing' of such data, including the collection, storage, use, alteration, disclosure and its destruction.

Companies will need to implement appropriate measures to ensure it complies with the GDPR and to ensure that only personal data necessary for each specific purpose is processed. This includes ensuring:
- Only the minimum amount of personal data is collected and processed for a specific purpose
- The extent of processing is limited to that necessary for each purpose
- Personal data is stored for no longer than necessary
- Access to the data is restricted to that necessary for each purpose

Accountability
At the point of collecting data from employees or job applicants, employers will have to provide more detailed information about the processing of personal data than they do currently. Employers can use information notices, also known as 'privacy notices' to provide the information. This will also apply where an employee wishes to process existing data for a new purpose.

One of the biggest changes will be the principle of accountability, and companies will have to demonstrate that they comply with the GDPR. This means that extensive internal records of data processing operations will need to be kept, and these will also have to be produced for inspection if requested. To assist with this compliance, employers should create a data register containing information about all personal data, which is collected and processed by the company.

The GDPR will also place much more stringent obligations on employers to ensure that they have the systems in place to respond to any 'data subject access requests' received from employees. Whilst employees have the right under the current Data Protection Act to access information that is held by their employer in relation to them, the regulations have been fine-tuned by the GDPR to be more transparent and accessible.

This article highlights changes to the requirements for processing employee data under the GDPR, but members should be aware that the GDPR is complex and contains additional requirements and details that go beyond your employee data.

If you would like additional information on being GDPR compliant within your HR Department, please contact your Regional HR Business Partner or click here to access example HR documents which are GDPR compliant*.
*available to Gold and Platinum members

Need more information on GDPR? Then be sure to book yourself on one of our GDPR workshops.

Upcoming GDPR Workshops:

7 February 2018 - London
13 February 2018- Brighouse
24 February 2018 - Brighouse

Share this page

< >