The incoming GDPR changes will impact the data collected on freelancers and how it is used inside organisations of all sizes. Find out how to reduce your GDPR related risks.
In this guide:
GDPR is set to replace the current Data Protection Act, and non-compliance poses a significant financial risk for organisations - up to 20 million euro, or 4% of turnover, whichever is greater.
The main purpose of GDPR is to give individuals more control over their data, providing rights to access, edit, delete and move their data as they wish. Most of the headlines are focused on high profile customer data breaches and non-compliance, for example Flybe and Honda being fined by the ICO for sending unsolicited email communications.
However, the potential risk of non-compliance is just as great for HR, who currently collect, control and process the data for employees, contractors and freelancers.
The main consulting firms like Accenture and Deloitte are predicting that 30% of the UK's workforce and 50% of the US workforce will be freelancing by 2020. As the use of freelancers and independent contractors rises, more and more organisations will depend on freelancers in the day-to-day running of their operations.
Freelancer data is often badly managed (if at all), which is unlike the situation for full-time employees whose data and employee records are generally governed by tight HR controls and strict onboarding processes.
By contrast, freelance marketplaces enable any line manager with a credit card to hire a freelancer. The ease of hiring creates unchecked and mismanaged hiring processes, often bypassing existing HR and established onboarding processes.
The end result is a de-centralised collection of Excel spreadsheets containing Freelancer data saved on various line manager's desktops.
Of course, this makes it nearly impossible for an organisation to demonstrate compliance with the requirements of the GDPR.
GDPR has several implications for HR. Here are three major areas of risk for organisations who use freelancers:
Personal data should only be held for as long as is needed, and only used for the purpose it was collected. There are wider implications around HR storing and collecting job applications, but for Freelancers an organisation should only collect and store information that will enable accurate allocation of work, and prompt payment.
Whereas there is little control over what data is collected and stored in an Excel file, a freelancer management system provides a solution through creating a standardised, compliant set of data fields held on any given freelancer.
The freelancer management system also provides a simple method for removing freelancer data after projects or engagements are complete.
Organisations must be able to provide details of how and where they collect, store and process personal data. GDPR provides individuals with free access to this data through a Subject Access Request.
For the organisation who has decentralised Excel files containing freelancer data, it will be nearly impossible to provide a complete view of the data they hold.
A freelancer management system provides a central, controllable facility where all freelancer data is stored. Each freelancer is also provided real-time access to their data via a secure platform, which greatly simplifies the processes of Subject Access Requests.
Securing people's data is one of the main objectives of GDPR. In the scenario where a large organisation stores its freelancer data in decentralised Excel files, it is also common for these Excel files to be share amongst colleagues by email. This is an extremely risky practice, which exposes the organisation to the risk of fines and loss of reputation as a result of causing a data breach.
Storing freelancer data in a freelancer management system helps improve data security in a number of ways:
As discussed in our guide to getting started with an FMS, the solution to avoiding the issues created by an organisation's hidden freelancer workforce, is the correct mix of people, process and technology:
Getting started with a GDPR compliant freelancer management system is a four step process:
Discovering the size of your GDPR issue is the crucial first step in the process. Gathering the right information at this stage is key to develop the right strategy.
To begin, you need to examine your internal systems (email, IT systems, invoice payments) to discover where freelancers and contractors are used throughout your entire organisation. It is important to get down to an individual level view of the data. You should be very clear exactly who is hiring and using freelancers and where they are storing and processing data.
Once you have a clearer picture of how many freelancers are being used throughout your organisation, it is time to apply a layer of context.
Next, you should interview internal departments and survey external freelancers to understand exactly what data is required:
With both quantitative and qualitative information gathered and analysed, you are ready to create your action plan. This may include:
A simple guide to the different employment types in the UK: Employee, Self-Employed and Dependent Contractor.
A guide to compliment your freelancer management system - to make it even simpler to hire, brief and work with freelancers.