Any company that extrapolates data – whether it’s from their customers, partners or employees –will need to identify legal grounds for processing that data, under the incoming General Data Protection Regulation (GDPR). HR departments - which are often flagged as a high risk to the business in GDPR audits, according to Matthew Holman, Principal at EMW LAW - must consider all avenues when processing employee data.
Holman explains that “due to the sensitive nature of the data and the volume of sensitive data captured by HR teams,” and “processes that are potentially not compliant due to the use of procedural short-cuts and a lack of training,” employers must pay close attention to the various legal grounds, set out by the Information Commissioner’s Office (ICO).
