Get in touch today 0345 450 5558

GDPR has arrived….. are your HR processes compliant?

June 8, 2018

Last reviewed: March 30, 2023

Stephens Scown Solicitors logo

Employment law solicitors share their checklist for ensuring your HR processes are GDPR compliant.

It’s four letters that have been banded around for two years and now with its implementation finally here do you have the right practices in place with your employees in order to minimise the risk of a fine of 4% of turnover or £20,000,000 (whichever is higher)?

Here we provide a checklist to ensure you have completed the following with respect to HR data:

1. Updated your policies and contracts where there are any clauses referring to Data Protection.

2. Reviewed any agreements with third parties who have access to personal data (such as HR system providers, payroll providers etc.), re-negotiate these or find another supplier if appropriate.

3. Sent your employees a Privacy Notice to inform them about the personal data you hold and the lawful basis for processing that data.

4. Have a policy in place for encrypting personal data where appropriate when you are transferring it particularly in emails.

5. Thought about job applicants and making them aware of how you will store any of their data and on what lawful basis.

6. Ensure all your employees are aware, if they handle personal data, of their obligations.

7. Ensure you are aware of the free subject access requests the public and employees can make and the time limit reduction to a month to respond.

8. Ensure that you have a data protection breach policy in place (breaches need to be reported to the ICO within 72 hours).

9. Decided how you will govern remote working regarding security on personal phones and laptops.

10. Consider anonymising data so you cannot tell who the information relates to if you can.

11. Encourage the use of complex passwords for employees and ensure they lock their computer when not at their desks.

12. Ensure you are keeping records of the lawful basis for processing personal data.

If you have any issues with complying with GDPR in the HR context we have an experienced employment team who can provide you with all the necessary advice and support to help handle these matters.

Our employment solicitors and HR advisors work in partnership with organisations to improve their HR practices and advise on employment issues. To discuss this article or any other HR issue call 01392 210700 or

Next Steps

If you are seeking advice or have any questions in relation to this article, you can contact us by calling 0345 450 5558 or by emailing

Alternatively fill out the form below and we’ll get in touch right away.