Is it time for HR and GDPR to team up?

Is it time for HR and GDPR to team up?

GDPR entered the market with a bang.

Overnight, consumers awoke to an entourage of emails asking them to update their marketing preferences. And IT professionals set to work building secure internal systems.

But that was over three years ago, now. And the legislation still continues to baffle and bewilder customers and businesses alike.

For a long time, businesses were focused on integrating IT and GDPR compliance, because this is usually the department dealing with the most data. But which department is dealing with employee data on a daily basis? HR.

According to GDPR expert and founder of CVG solutions Cristina Vannini-Goodchild, it’s time for HR departments to integrate with compliance professionals, and get savvy on GDPR.

When we think of HR, employee wellbeing naturally springs to mind. Protecting employee data should also feature in workplace wellbeing efforts. Individuals share precious information with their employers – bank details, addresses, and emergency contacts. Employers have a duty to their staff to protect that data.

Cristina Vannini-Goodchild

Creating a privacy-aware culture

For employees, HR is a critical touchpoint during their employment. The department is central to onboarding, induction, retention, and departure processes – all of which create an insurmountable amount of data.

And it’s worth noting that during the induction period, GDPR training should be given to employees within their first month on the job. The question is – are HR professionals aware of this? And have they updated their onboarding and induction process in line with these requirements?

The regulation has given employees more autonomy over how their data is used. But HR teams who aren’t aware of the implications risk mismanaging employees’ private information.

Something as simple as sending a job acceptance letter or payslip to the wrong person can pose a significant risk to compliance, which means it’s critical for HR teams to amend their internal processes to protect data security and minimise risk of breach through human error.

One way businesses can build a culture of privacy awareness, where all employees regardless of department are vigilant when it comes to GDPR, is to engage in continuous training.

“Businesses go through many transformations during their lifecycle, and their GDPR compliance needs can change dramatically year-on-year,” Cristina explained, “so the best way to ensure the business is compliant is to stay up-to-date on relevant training.”

Discover more about CVG Solutions by calling 01775 660506 or visiting

Ebony-Storm is a writer and creative freelancer based in the UK. From ghostwriting to social media marketing, newsletter management to copywriting, Ebony-Storm has worked on projects covering technology, freelancing, the future of work, and business, all while travelling around Europe. Responsible for interviewing people for editorial content since the age of 19, she has developed a unique ability to connect with individuals on a diverse range of subjects and create a space where people feel empowered to share their stories. Focused on building meaningful relationships, Ebony is passionate about original ideas, and loves the feeling of learning something new from the people she works with.