GDPR and the HR Dept

I read an interesting article in HR Grapevine Magazine today, and it struck a chord with me. Actually, it rang a bell in my head loud and clear.

GDPR and the HR Dept

Both are very close to my heart. Partly because I am a practitioner in both fields, and partly because I believe they are intricately intertwined, besties in the world of 'treating people's personal information right'.

But also because, if my long career in HR has taught me nothing else, it is that there is a very high likelihood that GDPR compliance will somehow wash up at HR's door when IT or legal are finished with it early next year.

Those of you who are fellow HR practitioners are no doubt nodding your heads wryly as you read this.

Forewarned is forearmed

As they say, forewarned is forearmed. GDPR will impact all businesses, and all departments, except for those that genuinely have absolutely zero contact with any kind of personally identifying data.

To date, I am struggling to think of where that may be, other than an automated factory, but I am sure there are some isolated areas of work yet to occur to me where this applies.

Returning to my point - this new legislation will impact all areas in all businesses, from sole traders up to the biggest corporates. It will set a new bar for global data sharing. It will force businesses (in many cases unwillingly) to think a lot harder about what personal data they process, and why.

It will generate new ways of working, new ways of engaging with customers, new jobs (according to the International Association of Privacy Professionals (IAPP) there will be anywhere between 28,000 and 75,000 new DPO roles needed), and undoubtedly new responsibilities for HR departments to design and deliver the required training and data protection awareness to employees.

And let's be clear, by 'employees' we mean anyone operating for, or on behalf of, an organisation that may come into contact with personal data during the course of the tasks they carry out for that business.

That means ensuring all full-time, part-time, contractors, temps, graduates, freelancers, interims, interns, apprentices and volunteers will be included in the 'workforce' who will need this training and awareness delivered to them as part of the initial compliance set up, and on an ongoing basis.

The GDPR is a big deal; it will need a similar approach to embedding and entrenching within all business practices as has been employed previously for embedding Health and Safety legislation and practice.

All businesses take H&S seriously (and rightly so; the ones that don't end up as cautionary tales), and so the same approach should be taken with GDPR.

Step Up

This may not be the news that HR wants to hear - believe me, I have daily conversations with business owners and managers along the same lines about the shake-up, and the inconvenience it poses to businesses in general. I can genuinely imagine some HR departments groaning at the thought of the impact GDPR will have on them.

But, don't be dismayed - I say own it!

The earlier that HR as a function can come to terms with the changes, start getting themselves in good order, and working with businesses to shape up for the future, the better.

And what an opportunity!

HR professionals are used to dealing with certain levels of business reluctance to adopt new practices. HR professionals bend their efforts to working with managers on risk management, and helping leadership teams embrace change.

HR and L&D teams are quite likely to be handed the hat make sure "everyone knows what to do for GDPR".

Opportunity Knocks

That's just fine by me - what better opportunity to show value?

How many similar chances to impact a business will come around in our current careers, that will enable HR as a function to step up in every organisation, every industry, and at the same time?

HR is a function that is typically accustomed to translating complex legislation into practical business operations. As such, I believe HR is an ideal business partner for implementing GDPR compliance within businesses. That, by the way, is my tagline, when I am challenged on why I do what I do, and I am proud of it.

There is no reason why GDPR should be the remit of the IT department, or sit within Legal, or be the forte of Marketing. There is also no reason why HR should be last to the party on this.

The GDPR is the biggest change to business operations in a generation, so I say let's be in the front seat.

The HR GDPR Movement

For those of you interested in learning more about how GDPR impacts HR as a function, I will be launching a series of training initiatives, aimed at people functions across the board for all size businesses, from freelance HR consultants to larger teams and departments.

If you are interested in learning more about this, or want to be among the first to know when my first sessions and tools will be launched, send me an email to or connect with me on social media on either my Sphere HR or Sphere Data Protection pages and handles.

I'm looking forward to working with you all!

#GDPR #smallbusiness

Featured Posts
Posts are coming soon
Stay tuned...
Recent Posts
Search By Tags
No tags yet.
Follow Us
  • Facebook Basic Square
  • Twitter Basic Square
  • Google+ Basic Square