How should HR process data to be GDPR compliant?

In our online training course Introduction to GDPR for HR, Kim Bradford explores the impact of the new regulation on HR and discusses the various ways that HR can manage the impact of the GDPR. In the clip below, Kim talks through the main criteria that HR departments should consider when processing personal data, and how to make sure that they remain GDPR compliant.

The biggest challenge for HR departments

One of the biggest challenges for HR departments is ensuring that they have the right consent from the data subject. This is increasingly difficult given how many different ways companies now collect personal data of some kind from all types of workers, not just candidates and employees.

In this cheat sheet for HR departments to prepare for the GDPR, there are five areas that HR should prioritise when ensuring that they are GDPR compliant:

  • Recruitment – Do applicants receive an appropriate privacy notice, detailing how, why and what their data will be used for? Is the data collected absolutely necessary?

  • Subject access – Is the organisation’s procedure robust enough to manage access requests? Can it disclose these transparently?

  • Impact assessments – Does the organisation have a procedure in place to review the impact a new project or activity would have on data security and privacy? Is the project at risk of contravening the data subject’s rights or the GDPR as a whole?

  • Data retention – As per the principle of data minimisation, can any data held on file be disposed of? Is the wider company aware of where data may be held, and therefore liable under GDPR?

  • Third parties – Does the company work with any third parties? Are they compliant? Do contracts expressly outline the limits and responsibilities of each party under GDPR?

If you’re looking to learn more about the impact of the GDPR on HR, then you should also read this great blog post on what HR departments need to know about the GDPR that was posted by Kim earlier in the year.

Also be sure to subscribe to the myHRfuture YouTube channel for more #BitesizedLearning videos in the future on data privacy and ethics.

Online training on the Impact of GDPR on HR

Our Introduction to GDPR for HR course will introduce you to the General Data Protection Regulation, and by extension the Data Protection Act 2018, outlining what this law is and why it matters to HR professionals as well as the companies they work for. Hear from a leading dual practitioner in HR and Data Protection on the following topics:

1. What is the General Data Protection Regulation (GDPR)?

2. Why has the law changed, and why does it matter to individuals, companies, and HR professionals?

3. What are the key definitions in the legislation, and how does this impact businesses in general, and HR in particular?

4. How and where you should look to implement changes within your day-to-day activities.


Ian Bailie is the Managing Director of and an advisor and consultant for start-ups focused on HR technology and People Analytics, including Adepto, Worklytics and CognitionX.  In his previous role as the Senior Director of People Planning, Analytics and Tools at Cisco Systems, he was responsible for delivering the tools and insights to enable and transform the planning, attraction and management of talent across the organisation globally.  Ian is passionate about HR technology and analytics and how to use both to transform the employee experience and prepare companies for the Future of Work.