The EU and UK General Data Protection Regulations

What does GDPR mean for HR?

Assuring on-going compliance with EU and UK data protection legislation has placed a significant extra administrative burden on HR teams. With so much personal data to secure, keep up to date, delete, anonymise and report on, effectively managing compliance is impossible without the assistance of HR software.

Cezanne HR is a GDPR-compliant HR system that comes with a host of features designed to help you and your organisation meet legislative requirements.

GDPR management system

The key requirements of EU and UK GDPR for employee data

How do the EU and UK GDPR regimes impact HR?


Data Security

Data relating to an ‘identifiable person’, whether on paper, in a spreadsheet or held in your HR system, must be processed in a manner that ensures its security.

Data Accuracy

Personal data must be accurate and complete, and put right when it is not. The ICO recommends providing data subjects with self-service access to their data.

Data Retention

Personal data should be deleted or anonymised once no longer require for the lawful or legitimate purpose it was initially collected.


You are required to provide information to employees about how (and why) you collect, manage, use and secure their data, and the rights they have over it.


Should you need to obtain consent to process personal data, it must be specific, granular, easy to understand, freely given, affirmative and recorded.


GDPR compliance is a company-wide issue, and HR teams have an important role to play in ensuring employees are appropriately trained and for encouraging a culture of data privacy.

Subject Access Requests

Individuals have the right to request and receive a copy of their personal data in an accessible and secured format within a specific timeframe (usually one month).

Restricted Processing

Employees can request that the processing of their data is restricted, or their data irretrievably removed. This must be balanced with your own legal and lawful needs.

Data Portability

Data subjects (e.g. your employees or job candidates) can ask for a copy of their personal data in a ‘structured, commonly used and machine-readable format’.


Please note: the information on this page is for general guidance only and is not legal advice. For further information about the requirements of the General Data Protection Regulation please visit the ICO website.

We finally have an interactive on-boarding process, also a central location for all personal information to be stored which is quite important with GDPR.


Data Adequacy

Assuring the flow of data between the EU/EEA and the UK

For any organisation with an international workforce, the free flow of HR data between different geographies is essential to assure informed decision-making and effective HR processes.

It is important to be aware that different requirements apply depending on where employees reside and where their information is processed, so you can be sure you have appropriate data protection processes in place.

In the context of the EU, the flow of data is reliant on data adequacy, a status granted by the European Commission to countries outside the EEA who provide a level of personal data protection comparable to that provided in European law. The European Commission has granted the UK adequacy status.

The European Commission has confirmed that the UK had data adequacy. This means personal data can flow freely from the European Union to the United Kingdom, where it benefits from an essentially equivalent level of protection to that guaranteed under EU law.

Further information can be found here:

How Cezanne HR helps

Powerful features we're sure you'll appreciate


Single Data Source

With all your HR data and documents stored in one secure system, you’ll know where everything is, all the time. No more paper files or hard-to-track spreadsheets.

World-Class Security

From data encryption to IS027001 certification and independent penetration testing, Cezanne HR is designed to keep your data safe. Read more about security here.

Automated Data Management

Smart tools allow you to configure your Cezanne HR system to automatically delete or anonymise data based on your rules, saving you hours of time.

Secure Self-service

Employees can check and update their own information, so accuracy is improved, admin reduce and, with workflow authorisations built in, you stay in control of data integrity.


Integrated document generation means it is easy to distribute and track important information, obtain consent when needed, and see when documents haven’t been signed.

Information Hubs

Embedded HR portals and workspaces make it easy to share best-practice advice and ensure everyone knows where to go to find the latest policy documents and guides.

Data Export

Straight-forward reporting and export to Excel helps you respond to data portability or review the data you hold for Subject Access Requests.

Training Visibility

Easily keep on top of compliance training needs and activities and automatically trigger reminders when training or certification need updating.

Compliance Culture

Encourage a security-first approach by embedding it in all of your HR processes, from everyday communications to performance reviews.

Let’s transform HR together

Cezanne HR is trusted by thousands of HR professionals to help them better manage, support, engage and connect their people. Get in touch today to learn more.

Book a DemoAsk a question

More features to explore



Connect your whole workforce, wherever they are, and save everyone time.

Employee self-service

Document management

Take advantage of integrated features for document tracking & e-signatures.

Document management

Global features

Accommodate different ways of working across different departments or countries.

HR Global features