Should all HR processes be documented for GDPR purposes?
Posted in: Seamus Says - Employment Law Discussion on 3 May 2019
Scott: All HR processes that involve personal information or information that might identify an individual should be documented and certainly risk assessed.
Seamus: Yes. Absolutely. It's part of your audit that you're carrying out, and you shouldn't just do an audit last year whenever the regulations came in. You should be constantly setting a timeframe. I'm not saying you do it constantly, but you should set a timeframe to look at your audit and go back through the documentation that you're retaining, how you're retaining it, the purposes that you're retaining it for.
And as part of that process, then absolutely, you should be carrying out your audit and making sure that you're not retaining anything that you don't need to retain, or that you are making sure that you're making the correct accordance that you need to do.
The information in this article is provided as part of Legal-Island's Employment Law Hub. We regret we are not able to respond to requests for specific legal or HR queries and recommend that professional advice is obtained before relying on information supplied anywhere within this article.