The General Data Protection Regulation

HR's role and responsibilities

The General Data Protection Regulation (GDPR) came into effect on May 25th 2018, and applies to the processing of ‘personal data’ of EU nationals, irrespective of where they work or live.

As the collectors, processors and custodians of huge amounts of personal data, HR professionals are firmly in the front line of compliance. Discover how Cezanne HR’s robust, secure and GDPR-compliant HR system can help you with your own compliance.


The key requirements of GDPR

What you need to know


Data Security

Data relating to an ‘identifiable person’, whether on paper, in a spreadsheet or held in your HR system, must be processed in a manner that ensures its security.

Data Accuracy

Personal data must be accurate and complete, and put right when it is not. The ICO recommends providing data subjects with self-service access to their data.

Data Retention

Personal data should be deleted or anonymised once it is no longer required for the lawful or legitimate purpose for which it was initially collected.


You are required to provide information to employees about how (and why) you collect, manage, use and secure their data, and the rights they have over it.


Should you need to obtain consent to process personal data, it must be specific, granular, easy to understand, freely given, affirmative and recorded.


GDPR compliance is a company-wide issue, and HR teams have an important role to play in ensuring employees are appropriately trained and in encouraging a culture of data privacy.

Data Subject Requests

The GDPR now requires a quicker and more comprehensive response to these requests, and removes the right to charge (at least the first time).

Restricted Processing

Employees can request that the processing of their data is restricted or their data irretrievably removed. This must be balanced with your own legal and lawful needs.

Data Portability

Data subjects (e.g. your employees or job candidates) can ask for a copy of their personal data in a ‘structured, commonly used and machine-readable format’.


Please note: the information on this page is for general guidance only and is not legal advice. For further information about the requirements of the General Data Protection Regulation, please visit the ICO website.

If a business can’t show that good data protection is a cornerstone of their practices, they’re leaving themselves open to a fine or other enforcement action that could damage bank balance or business reputation.

How Cezanne HR helps

Powerful features we're sure you'll appreciate


Single Data Source

With all your HR data and documents stored in one secure system, you’ll know where everything is, all the time. No more paper files or hard-to-track spreadsheets.

World-Class Security

From data encryption to ISO 27001 certification and independent penetration testing, Cezanne HR is designed to keep your data safe. Read more about security here.

Automated Data Management

Smart tools allow you to configure your Cezanne HR system to automatically delete or anonymise data based on your rules, saving you hours of time.

Secure Self-service

Employees can check and update their own information, so accuracy is improved, admin is reduced and, with workflow authorisations built in, you stay in control of data integrity.


Integrated document generation means it is easy to distribute and track important information, obtain consent when needed, and see when documents haven’t been signed.

Information Hubs

Embedded HR portals and workspaces make it easy to share best-practice advice, and ensure everyone knows where to go to find the latest policy documents and guides.

Data Export

Straightforward reporting and export to Excel help you respond to data portability requests or review the data you hold for Subject Access Requests.

Training Visibility

Easily keep on top of compliance training needs and activities, and automatically trigger reminders when training or certification needs updating.

Compliance Culture

Encourage a security-first approach by embedding it in all of your HR processes, from everyday communications to performance reviews.
