Third in HR fail to delete personal data
A third (33%) of HR teams admit to breaching the General Data Protection Regulation (GDPR) by failing to delete personal data about employees, leavers and job candidates after data-retention periods expire, according to a survey by CIPHR.
Although 83% of HR professionals surveyed have set retention periods for employee, leaver and job candidate data, just 69% put these policies into practice and deleted the data when such periods expired.
Six months on from the 25 May 2018 GDPR deadline, 87% of respondents said they were ‘very’ or ‘somewhat’ confident that their HR processes are now fully compliant with the regulations. Their confidence fell to 79% when asked about their wider organisation’s compliance with the GDPR.
The study also found that HR professionals had ignored the Information Commissioner's Office (ICO) recommendation of enabling self-service access to data. Only a third (31%) of respondents said they had enabled self-service access to personal data for employees in response to the GDPR, with that proportion falling dramatically for job applicants (7%) and former staff (4%).