Risky business: HR data under GDPR
Any company that extrapolates data - whether it's from customers, partners or employees - will need to identify legal grounds for processing that data under the incoming General Data Protection Regulation (GDPR).
HR departments are often flagged as a high risk to the business in GDPR audits, according to Matthew Holman, Principal at EMW LAW, and must consider all avenues when processing employee data. He adds that gone are the days of HR simply relying on a standard clause buried deep within an employment contract whereby the employee gives blanket consent to the processing of their personal and sensitive data.
HR teams should consider whether they can document a good justification that will stand the test of scrutiny, including what sort of personal data is involved, how many employees are affected, whether employees are likely to be surprised or upset about the processing if they were to find out about it, and more.