GDPR

  • Written by Amit G.
  • Feb 04, 2026

GDPR in HR refers to how the EU General Data Protection Regulation applies to employee and candidate personal data. It sets rules for lawful processing, storage, access, and deletion of workforce information.

What is GDPR in HR

GDPR in HR requires employers to handle personnel data transparently and securely. HR must document purposes for processing, limit data to what is necessary, and respect data subject rights such as access and rectification.

How does it work

HR teams implement policies, privacy notices, and technical controls. They rely on legal bases like consent or contractual necessity and run impact assessments for high-risk processing such as background checks or health data handling.

Practical usage and examples

Where and why it is used in organisations:

  • Recruitment: store candidate CVs only with a lawful basis and defined retention periods
  • Onboarding and payroll: use data minimization and secure transmission for tax and bank details
  • Workforce management: restrict access to performance reviews and health records

Realistic scenarios include responding to subject access requests, documenting consent for sensitive data, and reporting breaches.

Related HR concepts

Closely related terms include data privacy, data retention policy, data breach response, employee consent, and cross-border data transfer rules. These guide compliant HR operations.