
Risky business: HR data under GDPR

Any company that extrapolates data – whether it’s from their customers, partners or employees – will need to identify legal grounds for processing that data under the incoming General Data Protection Regulation (GDPR). HR departments – which are often flagged as a high risk to the business in GDPR audits, according to Matthew Holman, Principal at EMW LAW – must consider all avenues when processing employee data.

Holman explains that “due to the sensitive nature of the data and the volume of sensitive data captured by HR teams,” and “processes that are potentially not compliant due to the use of procedural short-cuts and a lack of training,” employers must pay close attention to the various legal grounds, set out by the Information Commissioner’s Office (ICO).

Don’t rely on consent

Under the former Data Protection Directive, HR relied on employee consent as a lawful basis for processing data. But under GDPR, Holman explains that an HR department that relies on consent “is at best, not doing its job properly and, at worst, putting the business at risk of potential complaints from the affected employees and possible investigation by the ICO.”
