GDPR Compliance: A Concise Guide for HR Managers
This year the new GDPR data protection legislation came into force. It aims to protect people’s personal data in the modern world of the internet and mass data processing. A lot of the literature out there has been focused on protecting customer data. However, the GDPR applies to all personal data, including that of employees. This means that HR managers have a lot of data and documents to manage and keep GDPR compliant.
A survey of over 800 HR professionals found that on average there were five separate records kept for each employee, while 51% of HR professionals admitted that their business cuts corners and risks jeopardising compliance standards. With the amount of paperwork to be processed, it’s no surprise that gaps arise in data protection policy implementation. However, GDPR compliance doesn’t have to be difficult. Here’s our brief GDPR guide for HR managers.
The first step to GDPR compliance is organising, categorising and indexing the personal data you hold. First of all you will need to sort the data by document type, such as pension records, sickness/absence notices, contracts, right to work documents, disciplinary/grievance documents and training records. This is important for GDPR compliance, because not only does it mean you can manage and adhere to the legally-required retention periods for different document types, but you will also be able to meet the “right to be forgotten” for employees.
Documents should also be correctly and thoroughly indexed, by name, document type and so on, using uniform labelling and indexing conventions. This will allow documents containing personal data to be located with ease when required, which is important for transparency and compliance. With all of this in place, should an employee request to be forgotten, you will be able to locate all the data about them that you store, delete what is required and retain any documents that legally need to be kept for certain time periods.
Step 2: Ensure Security
Once your data is properly organised, it also needs to be secure in order for your business to be GDPR compliant. Your documents can be scanned so that they are available digitally or alternatively securely archived in our facility. Cleardata’s archive storage and scanning facilities are protected by enhanced security systems and fire detection. Our Cleardox archive management system also provides a complete audit trail function, which tracks any physical movement of your documentation by user, date, nature of activity and time, ensuring the utmost security for documents stored off-site.
Step 3: Create a Process
Once all of your existing HR documents have been organised, you need to ensure you have processes in place to continue to meet GDPR compliance.
One of the main times when compliance could be at risk is during employee on-boarding. All documentation for new employees needs to be properly categorised and indexed, then saved in the right place. This usually involves the manual input of information, which can be time-consuming and leave room for human error. A good way to get around this is with robotic process automation (RPA). RPA utilises software robots as a digital workforce to automatically index new documents according to your existing filing structure and is a fantastic cost-effective solution for employee on-boarding.
Step 4: Implement and Monitor
Once all of your systems are set up, you’ll need to make sure that these processes become part of everyday working life for HR employees. That way you can ensure continued compliance with the GDPR.
Cleardata are experts in data security, so let us help. We have a dedicated Compliance Manager who has the CIPM certification (Certified Information Privacy Manager) and is able to provide comprehensive, expert advice on how to implement systems that are GDPR compliant. Cleardata also has a range of managed services to make storing, accessing and securing data easy for your business.
GDPR compliance is of the utmost importance, and it’s not something you should cut corners with. Let Cleardata help you with our fully managed outsourced archiving and scanning services. Protect your personal data, save time for your staff, and avoid hefty fines resulting from non-compliance.
For further information on GDPR compliance for HR, take a look at our whitepaper on the topic or call our team on 0800 046 8081.