GDPR is the European Union’s new legislation to protect the personal data of EU citizens – it stands for General Data Protection Regulation and comes into force on 25th May 2018.

The GDPR will require organisations to take data protection risks into account throughout the design and implementation of all of their policies, processes, products and services, with significant financial penalties for non-compliance.

So how will Brexit affect this legislation? The resounding advice is that the GDPR does not just apply to businesses in the EU, it applies to any organisation that controls or processes EU data, wherever they are in the world.

GDPR significantly increases the rights for employees, including: –

  • The Right to Information – Employers will need to provide more detailed information around the how and why HR related personal data is processed.
  • The Right to Access and Rectify – Employees have the right to access their data and to have inaccurate data rectified.
  • The Right to Be Forgotten – Under the right to be forgotten, employees will be entitled to request that their employer erase personal data held about them in certain circumstances.

How can employers and HR leaders prepare for GDPR? Here is an overview of your key responsibilities: –

  • Data Audit – Review the HR data you have, keep a record of data operations and activities and identify any gaps in relation to the GDPR
  • Privacy Notices – Carry out a data privacy impact assessment (PIA) for systems and projects. To read more about the PIA click here.
  • Assess the Legal Grounds for Processing Personal Data – Consent can be revoked at any time, so check whether or not it meets the GDPR requirements.
  • Data Breach Response Plan – If a data breach occurs you need to have a plan in place to contain it. The process should be clear and structured. Click here to read more about breach notification.
  • Data Protection Officer – Consider if you will be required to designate a Data Protection Officer (DPO) and if so, plan the recruitment and training of this individual.

For more information on how to prepare for GDPR, Personnel Today have a very detailed guide.


Broster Buchanan is a specialist professional recruitment and talent solutions consultancy, delivering on assignments nationwide through our network of offices.

If you would like to find out more, please do get in touch.