6 steps to put HR on track for GDPR compliance with employee data

Barbara Cosgrove, February 25, 2018
With the deadline looming for GDPR compliance, Workday's Chief Privacy Officer sets out 6 steps to help HR teams bring employee data into line

The deadline for compliance with the European Union’s General Data Protection Regulation (GDPR) looms large on the horizon — May 25, 2018. Yet Gartner predicts that even by the end of this year, more than 50% of companies affected by GDPR will not be in full compliance.

Needless to say, the interwebs are alive with dire warnings and FUD. How about an alternative view that focuses on employees, getting things done and the long-term value to all stakeholders?

Here are six ways to hasten your company’s road to HR compliance for processing employee data. Make sure you:

1. Know what you have

Inventory the personal data you have on employees. Search and accumulate what you already possess. This will almost certainly include a gap analysis of where the organization is versus where it needs to be. Knowing what data you have and where it sits is critical to the process of updating your employee data management.

2. Have one view into data

Employee data in HR systems. Employee data in spreadsheets. Employee data in databases. You know the story. Many companies have HR data in many disparate systems. This fact of corporate HR life will undoubtedly make it hard to comply, especially with the all-important security requirements. A much better approach is to corral employee data into one system. That will make it easier for you to apply the GDPR requirements safely and comply with them.

3. Determine access

Not everybody should have equal access to employee data. Determine who in your organization needs access to which categories of personal data and put in place controls to manage that access. Design and update rules.

4. Communicate

HR professionals need to communicate the benefits of implementation to all company personnel and clarify employees’ roles and responsibilities. That includes pushing for technology to help companies deal with GDPR compliance, including the role of cloud providers.

5. Train

HR’s role will encompass not just communication, but also training and change management across all business units, such as IT and legal. Employees need to know their data responsibilities when moving data around. As well as pushing back on resistance to change, HR will need to create incentives to ensure employee engagement.

6. Think big picture

GDPR requires investment now, but having better processes and systems around data will pay off far into the future.

Sarbanes-Oxley compliance was a nightmare at first but its problems were mostly confined to the finance office. Today, companies cannot live without it. GDPR is different in that it impacts everyone. It is an opportunity to move in the right direction, put data in the spotlight, offer improved data management and insights and the chance to rethink how you acquire, store, and maintain data.

The focus on data will allow HR to become more strategic, providing many more data points around top-of-mind topics such as engagement and diversity. Businesses going through the process of meeting GDPR compliance will not only boost productivity and performance, but also gain the increased trust of employees and customers that comes from being a privacy-centered organization.

Does that sound so bad at a time when employee happiness, employee trust, and diversity are in the spotlight?
