However, 76% report that GDPR has imposed a significant burden on the HR department, and the majority (64%) believe data protection will get harder if the UK exits the EU.
The survey, which polled 250 UK HR professionals in May 2019, also showed that the vast majority of HR practitioners (88%) are confident in their understanding of GDPR legislation relating to the retention and deletion of data. This GDPR compliance confidence also correlates with the robust knowledge that HR teams have when it comes to data storage and data security. Results showed that 92% know where their people data is stored, and not far behind, 86% say they have confidence in the security systems that their HR department have in place to protect people data.
While it is good news to see that UK HR professionals are on top of GDPR compliance, it comes at a cost with three-quarters of respondents (76%) stating that GDPR has imposed a significant additional burden on the HR department. For instance, the same high number of respondents (76%) cited an increase in subject access requests (SARs) since GDPR came into effect a year ago.
Commenting on the research, Sue Lingard Director of Cezanne HR says. “HR teams process huge amounts of personal data, and are in the frontline when it comes to deciding what data to collect, how to manage and secure it, who should have access and how long they need to keep it for. It was inevitable that they would have to bear the brunt of compliance activities. The problem is that these activities are ongoing, so the overhead is never going to go away.”
Just over half HRs surveyed (52%) also reporting having to manage date deletion and anonymization using manual or semi-manual processes.
“In my view, HR teams should be asking more of their HR suppliers – and extending access to their systems to their complete workforce, including gig workers and contractors,” Sue commented. “For example, most HR systems are sophisticated enough to incorporate tools that let HR teams set up rules that automatically remove or anonymise data in line with different legislative requirements. That would remove a lot of the administrative burden from HR, and ensure that important compliance steps don’t get overlooked.”
