What changes are happening to data protection?

The GDPR (general Data Protection Regulation) builds on and extends current data protection law and introduces some new elements. With “privacy by design“ a cornerstone of GDPR, the legislation requires cultural as well as process change for all organisations. The law came into force on 25th May 2018 so it’s vital that organisations are compliant with the new aspects of the legislation.

Compliance is an organisation-wide requirement, of which appropriate action in respect of HR and workforce data is a key aspect. Employers need to review how data is collected, stored, processed and how individuals are made aware of these activities.

A significant change under the new legislation is the requirement for organisations to demonstrate their ongoing compliance to the regulator,  the Information Commissioner’s Officer (ICO).  The cost of non-compliance could be considerable, including fines from the ICO of up to 4% of annual turnover (capped at €20 million) plus significant reputational damage.

In order to achieve compliance, Roots HR recommend practical steps including:

  • A full audit of all personal data held by your organisation and the purposes for which it is held
  • A record of processing for all personal data in organisations with over 250 employees, or where data is viewed as “high risk” or special category
  • A written analysis of the legal justification for holding and using each type of personal data you hold
  • New ‘Privacy Notices’ providing full transparency to individuals about how their personal data will be stored and used
  • Procedures for timely and systematic destruction of personal data – this may prove technically and administratively demanding and needs careful planning
  • Systems for data security and management and reporting of any data breaches that occur
  • Training for your employees.

Roots HR services to help you with GDPR:

Free Factsheet –

To access our FREE factsheet on GDPR and considerations for your HR data, just click here.

To start your journey to compliance –

Our GDPR HR Data Audit Guidance Notes and recommended GDPR data audit for HR template is designed to build into your record of processing – order your guidance notes for just £29 + VAT and receive the HR data audit template FREE.

Specialist advice –

We can provide your organisation with tailored advice on the GDPR, including how it relates to recruitment/on-boarding, employment contracts, policies, disciplinaries, grievances, employee casework, sickness and medical records, personnel records, Subject Access Requests, embedding cultural change in the handling of personal data, TUPE, Privacy Notices and Privacy Impact assessments.


We can offer full or half day training sessions or shorter briefing sessions on site and can provide materials for your HR team or line managers to cascade to their workforce. Alternatively we can provide an effective knowledge transfer process through our UpLoad service.

If you’re interested in any of our services or would like to find out more about how we can help your organisation with its GDPR journey, call us on 01562 840060 and speak with a member of our team or email us at info@rootshr.org.uk.