How Will The GDPR Affect The HR Department?

The General Data Protection Act (GDPR) comes into effect in May 2018 and just like every department in your organisation, the HR department will be affected. Whether you head up the HR department or simply administer it, you should understand how the GDPR will affect things when the new rules come into play. The regulators have the power to impose fines of up to 20 million euros or 4 % of a company’s global revenue(whichever is greater). This in itself should be enough to make any HR department prepare for the new rules.

Know Your Employees Rights

The GDPR significantly increases the rights for employees.


  • The Right To Information – Employers will need to provide more detailed information as to the how and why HR related personal data is processed.
  • The Right To Access and Rectify – Employees have a right to access their data and a to have inaccurate data rectified. 
  • The Right To Be Forgotten – Under the right to be forgotten, employees will be entitled to require their employer to erase personal data held about them in certain circumstances.

How To Prepare?

It’s critical to involve the business as a whole, you’ll likely need stakeholders from IT, legal and compliance at the very least. The following steps will help get you on the right track:


  • Data Audit – Asses the current HR data you have, the processing activities around this data and identify any gaps in relation to the GDPR.
  • Privacy Notices – Review current privacy notices and update them to comply with the more detailed requirements of the GDPR.
  • Assess The Legal Grounds For Processing Personal Data – Consent can be revoked at any time, so check whether or not it meets the GDPR requirements. 
  • Data Breach Response Plan – If the worst happens – a data breach, you need to have a plan in place to contain it. As a rule, the breach needs to be notified to the relevant authority within 72 hours and to the employee(s) without undue delay if it is likely to result in a risk to their rights/freedoms. Allocate the responsibility to a trained employee and make sure the process they follow is clear and structured.
  • Data Protection Officer – Decide if a data protection officer should be appointed and if so, plan to recruit and train this person.

Changing Your Ways

The data that HR departments work with comes in all shapes and sizes, from many different systems and sources, from emails, Word documents and most commonly as a paper documents – the greatest area of risk by far.

Finding the right solution to manage this data has now become imperative, rather than just a nice to have. For HR departments that frequently deal with employee and job applicant related documents and data, the significance of the GDPR cannot be underestimated. Working in old fashioned ways with piles of paper, traditional filing cabinets and a mix of digital and paper processes just isn’t good enough any more. The risks are just too high to keep working in this way.

Implementing A Solution

Digital files aren’t only helpful for managers and their HR team, every employee in the company will benefit from built-in services and faster processes. DocuWare is your complete digital platform for storing, retrieving and editing HR records.

How Will The GDPR Affect The HR Department? - DocuWare solution

In this article, we discuss The 7 Benefits of  Digital HR Files and how DocuWare can solve your GDPR compliance concerns. ORS Group are specialists in HR document scanning and document management and we’ve worked with some of the UK’s leading organisations to solve their HR compliance issues.

Customers Already Enjoying The Benefits


MullerMuller British Red CrossBritish Red Cross BarclaysBarclays SovereignSovereign

Related Posts