Carrying out an audit of your HR data is a significant step towards ensuring you are compliant for the looming GDPR compliance deadline.  

But where to start? And what to capture?

The audit should include personal data on employees, workers, job applicants and any other individuals within the HR area of responsibility, such as contractors, volunteers, interns, apprentices and former employees. The audit should cover data kept on the organisation’s own systems and on third-party systems.

The categories of personal data that would typically be captured by an HR personal data audit include: (Source Xpert HR)

  • recruitment records;
  • paper-based and electronic personnel files;
  • time and attendance records;
  • performance and development records;
  • records relating to disciplinaries and employee grievances;
  • training records;
  • records relating to use of the organisation’s IT and other business systems (eg CCTV, telephone monitoring, email systems and document management systems) that may be used for employee monitoring;
  • travel records;
  • accident records;
  • occupational health referrals;
  • equal opportunity records;
  • payroll, benefits and expenses records;
  • references given by the employer to third parties (eg for employment, or to support mortgage or tenancy applications);
  • employee survey data; and
  • contact details for next of kin and benefit beneficiaries.

You must also ensure that you are including legacy data within your audit, so all of those ex employee’s files you hoped you could forget about! Under GDPR it is important to go through all of the personal data you hold on your current, and ex employees, identify the location of where it is stored and how it is currently processed.

Don’t have the time to do this?

You can outsource the whole project to our team here at South Coast HR to complete for you, or purchase the documents to allow you to do it yourself.  Get in touch for a no obligation quote.