GDPR and Human Resources

The Human Resources department is responsible for managing and protecting employee data, and with the implementation of the GDPR, privacy is becoming one of its main challenges.

How are HR departments affected by the new regulation?

1. Consent: while human resources professionals have always requested consent to collect data on candidates or employees, consent must now be “specific, informed and unambiguous”.

2. Reporting: with increasingly frequent and sophisticated cyber attacks, the GDPR aims to make companies more responsible for data theft.

3. Access: a key element of GDPR compliance is controlling who can access the personal information of candidates or employees. Human resources teams must therefore ensure maximum security of sensitive data.

4. Disposition: human resources departments can no longer store personal data indefinitely. There must be a reasonable and justifiable cause for keeping the data.

5. Third parties: as data controllers, you can also be held responsible for those who (as a third party) process and manage personal data on your behalf. Human resources professionals must therefore know which software or platforms these third parties use and make sure that they comply with the GDPR.

However, no platform makes an organization automatically compliant; some systems may provide support in data management, but a complete strategic plan must be established with standards, rules and procedures to guarantee the confidentiality and protection of the personal information of its employees.