What Is the General Data Protection Regulation (GDPR)?

In 2018, the General Data Protection Regulation (GDPR) was introduced across Europe as an effort to enhance data protection compliance and safeguard the privacy of individuals through transparency, fairness, accountability and the opportunity to control their own data.

GDPR requirements are focused, in part, on data accuracy, retention, consent, and transparency. The regulation requires “businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.”

How does GDPR affect HR?

While customer data might first come to mind when thinking about personal data privacy, GDPR regulations also impact employee data. This includes information gathered during the recruitment process, as well as information gathered and maintained once employees are hired, including performance monitoring and references. GDPR gives employees the right to access, correct, or request the deletion of their personal data. 

If you have European operations, European employees, or job candidates from Europe applying for jobs, you must comply with GDPR regulations. 

What type of employee data is governed by GDPR?

From name, to date of birth, government identification number, gender, employee ID, marital status, home address—and even work email address—personal employee data is protected through GDPR.  

Collecting personal data must be done either with freely given permission from the data subject or when certain lawful bases apply, including when processing is necessary for pursuing the legitimate interests of the organization. 

 Read more on GDPR:

• What the GDPR Shows Us About the Future of AI Regulation

• 7 Surprising Facts HR Pros Should Know About the GDPR

• Why Corporate Transparency is a Win-Win for Business