What you need to know about GDPR and employee data

By Karen Credie, director, KMC Human Resources.

Most business owners have begun making preparations for GDPR so far as their customer data is concerned but what about employee data?

Just as the 25 May 2018 hails the start of stricter rules around the collection and use of client and supplier data, the same applies to information about staff.  

Employers will need to ensure they have adequate procedures in place for the collecting, transferring and storing of employee data. Under the current Data Protection regulations, many employers gain consent to process employee data by including a clause in their employment contracts.

However, GDPR will tighten the rules for gaining consent, which will need to be explicit, informed and given.

The so called ‘right to be forgotten’ will also apply, meaning employees will be entitled to require their employer to erase personal data about them in certain circumstances.

It is also worth noting that the stricter rules for employers will not just apply to employee data – but job candidates too. For many employers, demonstrating compliance will be made easier by the use of a cloud-based HR management system.

In fact, the regulator recommends making use of such HR software to increase transparency between employers and their staff.

In addition to consolidating HR information in a single, secure location, employees are able to see the data their employer holds on them. Many systems, such as the one we use called breatheHR, are hosted in the UK and are GDPR compliant.   For more information on how to prepare for GDPR from an HR perspective, please contact us.