Majority of Irish HR departments unknowingly breach GDPR

HR professionals could be opening their companies up to fines of up to €10m or more.

A startling void between HR professionals’ confidence in their GDPR compliance and actual adherence has been revealed.

While an impressive 90% of Irish HR professionals report confidence in their GDPR compliance, a survey by Lahinch firm HRLocker showed an alarming 76% had breached the regulation within the past 12 months. 

The most prominent GDPR breaches reported are:

  • Insufficient consent: A startling 40% of HR professionals are failing to obtain clear and explicit consent from employees before collecting, processing and storing personal data. While health data (26%) and sensitive personal data (23%) were the most common areas for breach under this category, one in five (19%) of survey respondents had not obtained permission to track employees' activities, including internet usage, email communication and location, a worrying figure in light of the significant rise in remote and hybrid working.
  • Failure to respond to Data Subject Access Requests (DSARs): Under GDPR, HR professionals must respond to DSARs within 30 days unless an extension is justified. Despite this, almost a third (32%) of respondents reported exceeding this deadline, with 15% taking over 45 days to respond.
  • Data retention and management issues: 25% of HR professionals admitted not auditing their employee data for more than six months, with a further 9% stating they had not reviewed it in the past year. GDPR specifies that personal data should only be kept for as long as it is needed for the purpose for which it was collected. Furthermore, over half (52%) of HR professionals report having to manage data deletion and anonymisation using manual or semi-manual processes.

Non-compliance with GDPR can result in penalties of up to €10m for businesses, or 2% of annual turnover, whichever is higher.

Tech-enabled HR compliance

The survey, conducted in July 2023 and polling 400 Irish HR professionals, also highlights the administrative burden of GDPR for HR departments, with 76% of respondents acknowledging this challenge.

67% of respondents reported increased resource allocation to meet GDPR compliance demands over the past 12 months and 62% stated it had negatively impacted their ability to focus on core functions such as employee wellbeing, talent acquisition and resource planning.

An overwhelming majority of HR professionals (78%) see technology as an enabler of better, more timely HR compliance. The key areas for improvement include:

  • Automation of data management – 72%
  • Data retrieval and reporting – 66%
  • Automatic policy updates – 64%
  • Enhanced privacy and anonymisation – 30%

However, to maximise the benefits of new technologies, HR departments will need to upskill: the HRLocker survey revealed that one in three (33%) professionals reported significant gaps in digital competency.

“There can be no questioning the HR community’s commitment to GDPR compliance. However, our research shows that despite their best intentions, a lack of resources, training and tech enablement is leading to major implementation issues, negatively impacting employee privacy and exposing employers to major fines,” says Crystel Rynne, COO at HRLocker.

“To successfully navigate the intricate GDPR landscape effectively, organisations must provide them with the tools and support necessary to make GDPR compliance a strategic advantage, all while safeguarding data protection.”

As GDPR compliance remains a priority for HR professionals, HRLocker continues to provide innovative solutions to help ease the burden and ensure organisations remain in compliance with data protection regulations.
