GDPR one year on: HR has compliance confidence but fears fresh Brexit burden

A supplier of global Cloud-native HR software for mid-sized and growing UK and international businesses has revealed that one year on from GDPR coming into effect, an impressive 95 per cent of UK HR professionals feel confident in their compliance with the EU legislation*. However, 76 per cent report that GDPR has imposed a significant burden on the HR department, and the majority (64 per cent) believe data protection will get harder if the UK exits the EU.

The survey, which polled 250 UK HR professionals in May 2019, also showed that the vast majority of HR practitioners (88 per cent) are confident in their understanding of GDPR legislation relating to the retention and deletion of data. This GDPR compliance confidence also correlates with the robust knowledge that HR teams have when it comes to data storage and data security. Results showed that 92 per cent know where their people data is stored, and not far behind, 86 per cent say they have confidence in the security systems that their HR department have in place to protect people data.

While it is good news to see that UK HR professionals are on top of GDPR compliance, it comes at a cost with three-quarters of respondents (76 per cent) stating that GDPR has imposed a significant additional burden on the HR department. For instance, the same high number of respondents (76 per cent) cited an increase in subject access requests (SARs) since GDPR came into effect a year ago.

Commenting on the research, Sue Lingard Director of Cezanne HR says,

HR teams process huge amounts of personal data, and are in the frontline when it comes to deciding what data to collect, how to manage and secure it, who should have access and how long they need to keep it for. It was inevitable that they would have to bear the brunt of compliance activities. The problem is that these activities are ongoing, so the overhead is never going to go away.

Just over half HRs surveyed (52 per cent) also reporting having to manage date deletion and anonymization using manual or semi-manual processes.

Sue Lingard commented,

In my view, HR teams should be asking more of their HR suppliers – and extending access to their systems to their complete workforce, including gig workers and contractors.  For example, most HR systems are sophisticated enough to incorporate tools that let HR teams set up rules that automatically remove or anonymise data in line with different legislative requirements. That would remove a lot of the administrative burden from HR, and ensure that important compliance steps don’t get overlooked.

Interested in HR analytics? We recommend Mission Critical HR Analytics Summit 2019.

*revealed by Cezanne HR