Personnel Today

Five policies HR needs to revise ahead of the GDPR

by Ashleigh Webber 23 May 2018

With Friday’s GDPR deadline looming, employers have undoubtedly been spending the last few weeks reviewing the data they store about their staff, clients and other parties to ensure they will not be in breach of the regulation when it comes into effect.


While some might see preparing for the regulation as a box-ticking exercise, others would argue that making the commitment to protect employees’ and customers’ personal details is a good opportunity to win trust.

According to Juerg Birri, global head of legal services at KPMG, the GDPR provides a chance to “build a picture of how [an] organisation manages data, which has recently become a key element for company reputation”.

But as well as fulfilling their obligations to protect customers’ and suppliers’ data, employers also need to make sure their responsibilities under GDPR are communicated to their employees. Employees need to be aware of their rights as data subjects, as well as the role they play in making sure their employer is compliant.

Here are five policies HR needs to revise or implement to ensure their staff are up to speed with the changes:

1. Data retention and disposal policy

Employers need to be able to demonstrate that they store only the data they need and only for an appropriate period. One of the six privacy principles under the GDPR is “storage limitation” – i.e. the business can store and process only the data necessary for the purpose of carrying out a job, and for no longer than needed.

Employers should provide guidelines on the retention periods for certain information HR might hold about their staff. The policy should include the measures the employer is taking to ensure the security of that data during the period it is retained, and how it will securely dispose of the data when it is no longer needed.

2. Privacy notice

Staff need to be informed about the data their employer stores about them, how it will be processed and details about the organisation’s lawful right to process it. The notice should also remind employees that their right to privacy will be respected by the organisation.

According to Eduardo Ustaran, co-director of privacy and cybersecurity at law firm Hogan Lovells, businesses should appreciate that data protection is a fundamental right.

“Success in this new era that is about to start will come from the acknowledgement that treating personal information responsibly is in everyone’s interests. Those who commit to this principle will see the GDPR as an opportunity and reap the true benefits of data,” he said.

3. Subject access requests policy

Data subjects – those whose data is held or processed by an organisation – have the right to make a subject access request to find out which information is held about them.

Employers should make their staff aware of some of the changes to the rules around subject access requests, including revised time periods for responding to requests (down from 40 days to one month after receiving the request), the information that needs to be provided in response to a request and the extent of the search.

4. Data breach reporting policy


HR departments need to inform their staff about the steps an organisation would take in the event of a data breach. This should be a comprehensive plan that follows the guidelines set out by the ICO, and includes the need to report data breaches within 72 hours and inform the relevant parties.

5. Legitimate interests policy

According to law firm Taylor Vinters, employers might also consider putting a legitimate interests policy in place to remind employees of the situations where the employer has a valid reason for processing personal data – for example, it would need an employee’s bank details in order to pay them. The firm recommended that employers list the reasons for which they might legitimately process an employee’s data for the sake of clarity.

© 2011 - 2025 DVV Media International Ltd
