In the lengthening shadow of the GDPR May 2018 deadline, there is greater scrutiny than ever on how HR is handling data. This can relate to employee, candidate and even payroll data – all the touch points where HR is responsible for personal data.
Critical Future interviewed seven HR directors across sectors and countries for a Workday report: The Impact of GDPR on HR. It uncovers several major concerns around the GDPR that relate to people, technology, communication and training.
GDPR is creating a strain on HR workload
To comply with the GDPR requirements, HR must go through the painstaking process of reviewing all third-party contracts from a GDPR perspective. This will include, for example, pension firms, life and health insurance companies – any organisation that HR shares employee data with.
One HR director interviewed said: “We now have to review all employment contracts with third parties and imagine that we are a multinational firm. Moreover, we do not know exactly who has the ownership of these contracts.”
The HR department must also go through a data mapping process to work out what data is stored, where and why. To comply with GDPR, HR will have to lose a lot of data that they consider valuable.
This is because the new regulations demand that employees’ personal data is “collected for specified, explicit and legitimate purposes”. It must be “adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed.” Clearly, minimal data processing is the name of the GDPR game, so HR will have to delete – and schedule for deletion - a lot of personal data.
These new responsibilities are putting a significant strain on the HR department’s workload.
The technology barrier to GDPR compliance for HR
HR directors are also having to review their HR systems to make sure their processes are GDPR compliant.
One of the report’s interviewees said: “Most people around the company are concerned about the changes in processes. But I am also worried about the changes in our data management system. We need to look at both processes and systems in our effort to comply.”
The interviewees raised several specific concerns about this. First, there’s the potential cost of updating or acquiring and maintaining a data system.
Second, there’s the question of IT knowledge. After all, how many HR directors are IT experts? So, there’s the difficulty of working out which data management system is the best for their requirements.
A third worry is the fear of making technical mistakes along the way - and then losing more precious time as a result.
Communications and GDPR training must be properly addressed
Workday’s report reveals muddy waters amongst HR professionals, and across organisations generally. One of the HR directors interviewed said: “We need more details and guidelines about the new regulation. Some requirements lack clarity and create confusion”.
So not only do HR professionals require clarity and training, but they’re also responsible for the training of staff across the business, including IT, finance, customer support, marketing and the Board so they all fully understand the new laws. For example, they’ll need to know what personal data is, which procedures to follow and how to use new or updated systems.
If you need help with GDPR training, check out Me Learning’s flexible and role-specific online options. To find out more click here.