The simple answer to the question “Does GDPR apply to employees?” is yes. Businesses cannot think about complying with the General Data Protection Regulation (GDPR) only in respect of clients; it applies just as much to the people who work for the business.
It is important that businesses meet all of their obligations when it comes to protecting the personal data of employees and enabling employees to access this data. If businesses do not comply with GDPR in this way, they could face a series of sanctions, including fines.
What does this mean for HR?
It is important that Human Resources (HR) professionals understand the implications of GDPR. For instance, it is no longer sufficient to include a paragraph regarding the use of personal data in an employment contract and to regard the signing of the contract as the given consent. GDPR stipulates that the giving of consent must involve an informed action by the individual.
Of course, businesses can rely on other legal requirements, rather than consent, as the reason for processing personal data. However, they have to be careful to process only data that directly relates to this requirement.
It is also important to note that employees will have access to the personal data that is being processed, and should be aware of what the data is being used for at all times. This means that businesses will need to audit the personal data they hold, ascertain that it is being held legitimately, ensure that it is up to date, ensure that any necessary consent is in place, and ensure that data is kept securely and can be easily provided to an individual when necessary. All of this work will need to be carried out in order for a business to comply with GDPR.