How can you effectively Manage GDPR in HR?

21 December 2022

GDPR compliance and responsibility will more often than not fall to HR, so HR professionals need to have a good understanding of the regulations and how to apply them. In this blog, we’ll look closely at the key principles of GDPR and how it applies to HR.

What is GDPR?

GDPR stands for General Data Protection Regulation. It came into force in May 2018 and in the UK is supplemented by the Data Protection Act 2018. In an HR context, GDPR governs how businesses collect, store and use employee data. The legislation is lengthy, but the following overview will provide a start in understanding and effectively managing GDPR in HR.

Key principles

GDPR sets out seven key principles that lie at the heart of data protection and act as the basis for best practice in handling employee data correctly:

  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability

You can read the full definitions of these principles here.

Complying with GDPR

The most important tasks for HR when it comes to effectively managing GDPR are as follows:

Policies

Your business should have a specific GDPR policy. It needs to set out general information about GDPR as well as what is known as a privacy notice so that employees understand why you collect their data, what data you collect, how it is used and stored and what their rights are. These policies should be communicated and readily available to staff.

Working Practices

It’s essential that employers only collect employee data that they genuinely need, that they have a lawful basis for processing it and that it is only retained for as long as is necessary. Note that consent is only one of the lawful bases GDPR allows and is rarely the right one in an employment relationship, because the imbalance of power between employer and employee makes it hard to show that consent was freely given; most HR processing will instead rest on the employment contract, a legal obligation or the employer’s legitimate interests. Your business should therefore ensure that its day to day working practices reflect these requirements. For example, staff should be clear about what data they are supplying and what you will do with it.

Having a data retention schedule is also good practice, but you should ensure that it is regularly checked and that data is securely deleted or disposed of once it is no longer needed. You should also assign a suitably trained and knowledgeable member of your team as the Data Protection Officer (DPO). This lets staff know who to speak to if they have queries or concerns and ensures that there is a nominated person to deal with Subject Access Requests or data breaches should they arise.

Security

Keeping data secure is of paramount importance whatever format you hold it in. If you keep hard copies, make sure that you have a clear desk policy and lockable, non-portable storage to keep them in. If you store data electronically, protect it with appropriate technical measures (access controls, encryption of data at rest and in transit, backups and timely patching) and always ensure that only those who genuinely need access to the data in order to perform their roles have it, reviewing that access whenever someone changes role or leaves.

Getting it wrong

If GDPR is not managed effectively or appropriately then the consequences can be wide ranging. If staff believe that their data is not being collected, used or stored correctly, this may result in grievances and a loss of trust in the employer. In such instances staff can make a report to the Information Commissioner’s Office (ICO), which could result in investigations that are stressful and time consuming for all concerned. If a business is found to have breached GDPR, this could result in reputational damage, and the fines can also be significant. For example, H&M were fined €35.3 million (roughly £30 million) by the Hamburg data protection authority in 2020 for unlawfully collecting and storing information about employees’ families, religions and medical history.

Whilst H&M is an extreme example, there are set penalty levels. Infringements deemed to be less severe can lead to a fine of up to €10 million, or 2% of the firm’s worldwide annual turnover from the preceding financial year, whichever amount is higher. More serious infringements could result in a fine of up to €20 million, or 4% of the firm’s worldwide annual turnover from the preceding financial year, whichever amount is higher.

Does HRX comply with GDPR?

Absolutely! The system stores your data securely, and all data in transit between your browser and the system is encrypted using Transport Layer Security (TLS), i.e. HTTPS; note that TLS protects data while it is being transmitted, not while it sits on disk, which is covered by separate storage controls. You remain the owner and controller of the data. HRX is merely the data processor and in this capacity processes data exclusively on your instruction. You can also be confident that all data held within the system will be stored securely in the UK and / or the EU. If you ever decide to leave us, we’ll keep your data for 30 days afterwards so that you can change your mind. If you don’t come back to us within those 30 days, your data is destroyed. By having different levels of users we also ensure that employees only see what they need to see in order to do their job.

Why not take a look for yourself and sign up for a FREE 30 day trial too. Be sure to get in touch with us if you have any questions about our HR software or how we store data.
