How to prepare for GDPR in an HR (technology) context?

05 February 2018

Your form has been successfully submitted.

What does it mean for HR?

There’s no way around it, on May 25th, 2018, the General Data Protection Regulation will officially be enforced. So, let’s make sure you’re well prepared. The GDPR consists of a (large) set of guiding principles on how to store and process personal data. Working with personal data day in, day out, HR will definitely be impacted by this new regulation.

But other departments within your organization might be using personal information as well…

Have you thought about how many reports and excel files circulate within your company which contain personal information?

Are these files distributed via email/ Sharefile / Sharepoint /…?

To whom?

Do you have an archive to store them?

HR plays a key role in creating awarenessand providing the necessary change managementbefore, during and after the transition period. Always keep in mind that:

  • You need to be careful when handling personal information such as names, contact details, … even birthdays. Your data subject has the right to know what you are doing with the data, for what purpose you use it and how you are securely storing their data.
  • It’s your responsibility to keep the data safe as other people might want to access or (miss)use it.

The bottom line of GDPR is that people are in full control of their own data.

When storing/processing personal data of a person as a company, consider this data as a ‘property’ of the person that he/she grants you access to within well-defined boundaries.

How to work with your technology partners in a GDPR compliant way?

As your employees trust you in using their personal data for well-defined reasons, it is important that these well-defined reasons are also fully described and followed up when working with external partners that have access to the personal data of your personnel.
The external partners share this responsibility with you.

There are3 GDPR essentialswhen working with external partners:

1. Data Processing Agreement

Your HR Technology partner does not automatically process personal data, this depends highly on
the scope of the assignment. If data processing would take place, your partner may only process data
when explicitly requested, for the purpose defined by you, the customer. The partner does not collect or store personal data of its customers unless explicitly described in the data processing agreement.

This agreement does not only contain descriptive information like:

• What data is processed
• For how long will data be accessed, processed or stored
• How data will be destroyed or returned to the customer

It also defines certain obligations:

• How data will be accessed/processed/stored securely (organizational and technical)
• How security breaches will be dealt with
• Audit assistance obligations

2. Record of processing activities

Next to a data processing agreement, a record of the processing activities by your partner must be maintained for each process, describing all personal data that is processed:

• The name and contact details of the different processors
• Your partner’s representative and where applicable your internal Data Protection Officer
• The goals of the processing
• Technical and organizational security measures

3. Data breaches

If data breaches would occur, your partner needs to inform you about every data breach immediately after becoming aware of it.

These GDPR essentials when working with external partners provide a basis for a good partnership that keeps the data subject in full control of his/her data.

Related articles


January 9 2020

Infrabel jumps on the employee experience train

Infrabel puts employee experience high on their agenda. With ‘My Talents’ they’ve introduced a brand new approach to support the personal growth of their employees. Infrabel is changing on a...

read more

January 9 2020

Etex Talent: the road to 2020

2020 is here! Over the past years, the team at Etex has been working hard to reach their transformation goals for 2020. With about 15,000 employees working at 113 production sites in 42 count...

read more

December 19 2019

Happy Holidays!

A holiday message from all of us at Emeritis a Deloitte business...

read more

'Emeritis' refers to 'Emeritis a Deloitte business'

© 2020 Unikoo. All Rights Reserved.