The Implications of GDPR on HR and Payroll Departments

28th April 2018

Earlier this year we published an overview blog about GDPR questions. One thing is for sure: for every question answered more arise – if the networking session I attended this morning is anything to go by. So here we look at the implications of GDPR on HR and Payroll Departments.

No-one has yet charted the GDPR waters so there’s really no such thing as a GDPR expert. That said, in this post I’ll attempt to highlight the implications of GDPR for HR and payroll staff.

GDPR is about you as much as it is about your customer

The GDPR compliance date is fast approaching. So companies and organisations of all shapes and sizes are expending frantic efforts to make sure their external data is GDPR compliant. The chances are you’re one of them. I daresay you’re busy reviewing all your systems and processes to make sure they comply with the new rights that the new regulation gives to customers.

But have you stopped to think that the new regulations don’t stop there? As this blog from ADP points out: ‘ … the new regulation also extends to the data you hold on your employees.’ So what does that mean to you, the HR employer? If you’re a company of a certain size, with finance, IT and operations depts, then as the May deadline draws near you must make sure that you invite HR and payroll to the party.

Be ready to respond to information requests

As the ADP blog asks: ‘If an employee wants to see all the data you have on them, how would you respond? How long would it take you to pull together all that information? Are you sure you know where it lives?’

As an HR dept you will have HR and payroll information. But have you thought about all the other data that will be here, there and everywhere? Such things as:

  • Interview submissions
  • Expenses claims
  • Sick absences
  • Special leave etc

Is this all stored in one place? Or is it, as is likely, scattered across a myriad of systems, on PC desktops, in personal folders and even in old-school physical filing cabinets?

With the strengthened rights that come packaged with GDPR your staff can ask questions.

Thus, thinking about the implications of GDPR on HR and Payroll Departments, you, as HR, must:

  • Be clear on what data you hold on your employees
  • Be sure your HR systems are fine-tuned to manage the data you have in an efficient manner.
  • Prove to your employees that you have actioned their data requests.

So there might be some housekeeping to do in all those respects.

A brief look there then at the implications of GDPR for your staff.

In June 2017, anticipating all this, Cornerstone on Demand published a blog covering six implications of GDPR for HR.  

Here’s a brief summary. Use it to check you understand what you can and can’t do. And to see how much or how little you still have to do.

  1. No more saving data: You can now keep personal data only for as long as necessary. So in an application process, for example, you must delete the data for unsuccessful candidates soon after the recruitment process.

Also, employees leaving the company can expect you to keep their data for a limited time period.

  2. You must target your information: Employers are only allowed to request necessary information from potential employees. For any other data collection they must obtain explicit permission.

  3. You must be accountable and transparent: From May 25th 2018, it’s incumbent on companies to provide insights into how and where they keep and process their employee data. NB: Employees have the right to withdraw their agreement.

  4. Do not do anything with your data beyond its stated purpose: As an HR dept, not only are you limited in the amount of data you can ask employees and applicants for (see point 2), you may only use it for its intended and stated purpose.

  5. The onus is on you to track data: GDPR brings with it an obligation to keep personal information current. And there’s a consequence for HR depts from that.

Record changes from such things as staff removal, job changes and so on are often retained. But how about performance appraisals? It’s your responsibility to ensure you have the right tools to keep the data in a suitable manner.

  6. Protecting data: The whole point of GDPR is data protection. So you must store data in a safe and secure fashion. What’s more, it must be well-organised too, with only a limited number of people having access to confidential information.

Go Legal Can Help

If GDPR is giving you a headache, or you need help with any other aspect of HR policy and procedure, Go-Legal HR is here to help. Simply call the office: 01793 877787 or the mobile number: 07801 709945. Alternatively, fill out the online contact form. Leave a message if I’m not there and I’ll get right back to you.