Six months on from the GDPR, there are discrepancies between what employers should be doing to comply with data protection laws – and what they are doing in practice.
CIPHR found in their survey of HR professionals that a third of HR teams admit to breaching the General Data Protection Regulation (GDPR) by failing to delete personal data about employees, job applicants and leavers.
Although a good number (83%), though not all, of the HR professionals surveyed have set retention periods for employee, leaver and job candidate data, just 69% put their own policies into practice.
“HR Professionals need to focus on enforcing the policies they put in place. Not having a policy or having one and not putting it in place will not impress the ICO during an inspection.”
The survey also found that HR professionals had ignored the Information Commissioner’s Office (ICO) recommendation of enabling self-service access to data. Only one in three said they had enabled self-service access to personal data for employees in response to the GDPR, with that proportion falling dramatically for job applicants (7%) and former staff (4%).
Worryingly, only two-thirds of HR teams had requested consent from employees, leavers and applicants to hold their personal information.
“Employers must actively consider the reasons they are using and storing personal information and take appropriate actions if the purpose is no longer relevant or permitted by the GDPR.”
You can read more about your obligations under the GDPR here.
As employment law and HR specialists, we know exactly what to do to make you compliant and keep you on the right side of the law.