Support for your business to improve GDPR compliance for HR

You can improve regulatory compliance and implement best practice HR data management

The General Data Protection Regulation (GDPR) is likely a term you’ve heard by now, and it often brings fear and dread so we’ve made it quick and easy for businesses to gain GDPR compliance for HR.

Employers have responsibilities under the regulations relating to how they collect and process personal data. Compliance is not only a legal requirement but also helps to develop trust with employees.

We offer consulting services to help you interpret the many pages of legislation that apply to your business and integrate the policies into your HR processes.

GDPR for HR - Support Options - Lighter HR

Support Options for

GDPR for HR Policy Pack & Consultancy

Provision of full Policy Pack* plus the required consultancy, including onsite visit to conduct data audit, preparation of the full set of documentation, and briefing sessions for managers.

GDPR for HR Policy Pack

Downloadable copy of the Policy Pack*, including the policies and overview documentation for communication and training.

* See our GDPR for HR FAQ for the Policy Pack contents list

Key Service Features
for GDPR for HR

Full set of GDPR policies that are tailored to your specific requirements

Overview presentation on GDPR for communicating with and training your employees

Guidance on the regulations and implementation, including updating current Employment Contracts

Consultancy to audit your current HR data practices (processes and systems) to ensure compliance

See our GDPR for HR FAQ for more details

What our clients say…
Get In Touch


What does the Policy Pack include?

The pack contains the following documents, policies and templates:

. GDPR Overview

. Guidance and advice on the regulations and implementation

. GDPR Policies
— Data Subject Access Request Procedure
— Data Breach Notification Procedure
— Privacy Policy
— Record Retention and Protection Policy

. Data Audit Template

. Data Breach Register

. Data Subject Access Request Register

. Templates for communications to employees, updating current policies and employment contracts

How will I know that I’ve achieved GDPR compliance?

The first step will be to undertake a data audit to make sure that you know exactly what personal data you hold about your employees, how you obtain it, how you use it, how you protect it, who it’s shared with and how long you keep it for.  We can guide you through this process or we can provide you with a template that you can complete yourself.

From there, you need to establish a set of policies, which again we can do for you (as long as we have the output of your data audit) or we have templates that you can purchase and populate yourself.

You then need to communicate with your employees, send them the relevant policies and train them so that they understand their obligations under GDPR.  We have training slides that we can come and deliver for you.

Then, there’s the real work!  You’ll need to clean-up the data that you hold to ensure that you are complying with your own policies.  This probably won’t need to be all in one go; that will depend on the policies that you have in place for data retention.

What do I need to communicate with my staff?

Transparency is a key requirement of GDPR so you need to be entirely open with your employees about the data that you hold on them, how you obtain it, how you use it, how you protect it, who has access to it and how long you keep it for.  You also need to inform them of their various rights under GDPR legislation.

By sharing the relevant policies with them you should achieve this.

Do I need to delete all data we hold on our (current and ex) employees?

Absolutely not and in fact, you can’t. 

There is some information that you hold on current and ex-employees that you’re legally obliged to keep for a certain length of time so don’t be too eager to delete what you have.

When you complete your data audit, you’ll also start to set out the approach that you want to take to data.  You’ll clarify what the legal requirements are in relation to data retention and then you can delete the data that you no longer have any legitimate reason to retain.

If you have further questions, call us on 0203 319 1649 and we can go through the options available to you.