GDPR & Compliance

GDPR poses significant challenges for HR professionals, since failing to comply with it can result in large fines. Here you’ll find insights and practical tips on making your HR operations compliant. Are you using SAP HR, SuccessFactors or any other HRIS? We have you covered.

What is compliance with GDPR?

The General Data Protection Regulation (GDPR) came into effect on May 25, 2018 with the aim of standardizing and strengthening the rights of European residents in relation to their personal data. In practice, the regulation requires all companies operating in the European Union to adopt policies, processes, and practices for managing the personal data of their workers. This has a major impact on HR departments, which must adapt their processes to meet the requirements of transparency, security, and accountability, and be ready for further legal updates.

GDPR compliance solutions for enterprises can help you protect employees’ rights and avoid significant penalties.

Is employee data covered by GDPR?

Yes, and failing to comply with GDPR carries a serious risk, as it can result in fines of up to EUR 20 million or 4% of annual turnover. Here are some of the general guidelines and best practices for employee data protection:

  • Companies may only store essential, accurate, and up-to-date employee data. This must be limited to information relevant to the fulfillment of the employment contract or necessary for compliance with a legal obligation.
  • Companies must clearly communicate how, where, and for how long an employee’s personal information will be stored. They are obliged to inform employees of the purpose and legal basis of the data processing at the time the personal data is obtained.
  • Employees have the right to data portability, the right to be forgotten, and the right of rectification. This means they can access their information at any time, request a copy of the stored data, and demand its rectification or deletion.
  • Companies must appoint a Data Protection Officer (DPO) who acts independently and is responsible for monitoring the company’s data protection policy and its implementation to ensure compliance with GDPR requirements.
  • For multinational companies, GDPR imposes restrictions that limit the transfer of employees’ personal data to countries outside the EU.
  • In the case of a personal data breach, companies must notify the authorities within 72 hours of identifying it.

Ready to talk?

Please tell us about your current or future HR needs. One of our local experts in your region will contact you directly and help you choose the right solutions to meet your goals.