e-Zest members share technology ideas to foster digital transformation.

Role of HR functions in implementing GDPR

Written by Sakshi Koul | Mar 30, 2018 6:13:01 AM

EU will finally introduce GDPR in the month of May 2018. The main purpose of GDPR is to further synchronize higher level of protection of personal data. The new rules of GDPR will apply to all businesses that handle the data of EU nationals.

GDPR will have serious implications on your company’s HR function as HR is directly involved in processing personal data of employees. Even if your company does not hire EU citizens, it is pivotal that proper procedures are followed as per GDPR.

Some of the important pointers, which HR should always keep in mind while processing data for EU nationals are as follows:

  • Consent: Utmost importance is given to consent under the new rules of data protection. GDPR takes consent very seriously and consent must be specified using clear and plain language. The organization must communicate to employees the exact purpose for which data is required.
    In case, the data is gathered for purpose A, and we aspire to use it for purpose B, then, in that case, we need to take consent again.

  • Data Storage: Data should be stored and organized properly so that it is easily accessible and editable. Also, HR should take some technical measures, to ensure that data is protected by default. Additionally, access to this data should be given to a single person/ authority for accountability. The data cannot be stored for an infinite period of time. Data should be held until it is necessary for the organization.

  • Data processing lists: Under GDPR,HR is responsible and is accountable to demonstrate how the organization is following GDPR. If an EU national/ employee asks to correct or delete some of his information, then the HR should heed their request, and the same should be communicated to external agencies with whom the data might have been shared.
    Also, it’s very important that HR should maintain a list containing the following information:
    • What kind of data is processed
    • Purpose for which data is processed
    • Source from where data is received
    • With whom data is shared
  • Process awareness should be given about GDPR so that the entire HR team is keeping abreast with the privacy rules and regulations.

So get your HR processes audited before May 2018 in order to be compliant as per GDPR.