A guide to GDPR for the HR function

As part of our ongoing push to provide you with as much information as we can to help you prepare for GDPR, we decided to break down the information based on company function.

This will form a series of one-page guides, starting with the HR function. Other areas will include marketing and physical security.



With the General Data Protection Regulation (GDPR) deadline just around the corner, it is important to consider how it will impact you and the way in which you collect, process and store information about the people you work with.

Any data that you collect, process and share about employees, contractors or consultants must still comply with the GDPR's six principles.


Top three preparations

There are, of course, many things that need to be done to get ready for 25 May 2018, but we have chosen to highlight three of the main ones as we see them.

Know your data

Carry out a data mapping exercise to ensure that you have a clear idea of what data you are collecting, processing and sharing. This should include identifying the lawful basis for that processing.

Educate people

Implement a comprehensive induction process to ensure new starters are aware of their roles and responsibilities when handling personal data, including data protection training relevant to their role.

Improve processes

Put robust processes in place for starters, movers and leavers, with clear ownership defined where they involve other functional areas in your business, for example, the IT, finance and physical security teams.


Top themes to focus on

Data Mapping

Under GDPR it is vital that you are only collecting personal data that you actually need and have a robust business reason for having. A data mapping exercise will help to flush out personal data that is not required or that is being shared excessively.

Fair Processing

Fair processing notices are just as important when you are looking inwards and you should make it clear to candidates, and/or new starters, how their personal data will be handled before, during and after their engagement.

Data Retention

Employment law provides guidance on data retention and this should be applied as the starting point. But it is important to build on that guidance and ensure that it addresses the needs of your own business. Where you have control over personal data, you must ensure that you are complying with the data retention requirements, not just in your HR function, but in other areas of the business where employee-related activities are done.

Download the information here in this handy one-page takeaway guide


Published date:  13 January 2018

Written by:  Stephen Bailey
