What is GDPR and How
Will It Impact HR and


Get answers to your GDPR FAQs
Follow ADP’s GDPR FAQ video series and learn from the ADP experts at the forefront of helping our clients comply with the Regulation’s requirements.

Watch Now

Wherever you are in the world, if you do business in the European Union or handle EU residents’ personal data, starting May 2018 the European General Data Protection Regulation (GDPR) is set to change the way you manage data.

With penalties for non-compliance representing 4% of worldwide revenue (or €20 million, whichever is higher), companies cannot afford to ignore GDPR.

Did you know?

33% of HR leaders are concerned about data privacy and GDPR.

Source: IDC Executive Brief: “Cloud,Compliance and the Case for HR Transformation to Support Your HCM Strategy”, 2017

What defines “personal data” within the GDPR?

Personal data under GDPR is literally any information that could identify any aspect of an individual’s personal, public or professional life. Examples include; a person’s name, address, phone number, email address, IP address, and cultural, economic and biometric information.

GDPR protects not only identifiable individuals, but also individuals who could be ‘singled out’ among others, even if they can’t be directly identified.

Infographic: GDPR at a Glance

See how HR professionals view the GDPR privacy principles.

New Responsibilities for HR Leaders

GDPR affects all HR applications that process personal employee data, for example, payroll systems, talent administration solutions, and travel/expense tools. HR teams must comply with the strict rules GDPR sets for resident EU employees’ personal data.

Certain articles of the regulation have dominated the headlines – including individuals’ right to be forgotten (having their personal data deleted altogether) or right to access their personal data, for example. Some other points to consider:

Update staff and applicants with privacy notices

Under GDPR, you will have to update your staff and applicants with privacy notices that specify what is the purpose of the processing and what is the legal basis for such processing, and whether you will be transferring their data out of the EU.

Transfer personal data out of the EU

HR will have to implement a lawful mechanism to transfer personal data out of the EU (for instance, by adopting Binding Corporate Rules, using Standard Contractual Clauses or by only transferring data to ‘adequate’ destinations or under the US Privacy Shield.

Notify the data protection authorities

Data controllers, a person or group that oversees the means by which personal data is processed, must notify the data protection authorities within 72 hours if there has been a data breach that could potentially jeopardize the rights and freedoms of individuals. Failure to report within this timeframe may result in fines.

Document and demonstrate compliance

HR will be expected to document and demonstrate compliance with GDPR, such as being able to provide a registry of applications, processes, and categories of data being processed by your organization.

This adds up to a lot of new responsibility for HR leaders to ensure compliance and avoid penalties. GDPR will require more of HR’s time, more technology and possibly even more personnel.

How an Outsourced HCM Solution Can Help

Given the complexity of compliance, it is not surprising that over three quarters of HR leaders are using GDPR and other data privacy legislation as a driver for seeking an outsourced HCM solution.

Why outsource? Your company may not have the technical expertise or resources to carry out the necessary changes ahead of GDPR, and outsourcing your HR data processing to a cloud-based HCM provider like ADP can go a long way toward reducing the burden of accountability.

ADP has been preparing for GDPR for a long time, and can help our clients be positioned to meet the requirements of this demanding new age in European privacy protection.

HR leaders face a lot of considerations as they gear up for compliance with GDPR…Cloud-based, or outsourced, HR data processing can help reduce risk, and assist with data protection and compliance with legal obligations.

Cécile Georges,
Chief Privacy Officer, ADP

Start Preparing Now

We recommend you start your GDPR compliance journey by listening to the recording of this top-rated GDPR webinar. Hosted by ADP data privacy experts, this 51-minute session will guide you through your upcoming obligations as an employer doing business within the EU and help you start to think about how you can prepare for the new European privacy principles.

Within the webinar are complementary assets, including:

  • An exclusive executive brief from global market intelligence firm IDC ('Cloud, Compliance and the Case for HR Transformation to Support Your HCM Strategy')
  • GDPR 'safety instructions' for HR leaders, finance officers and IT managers
  • An easy-to-read brochure on how ADP's Privacy Program works to protect our clients' data
  • A special GDPR Q&A document, answering the real questions asked by webinar attendees from across the HR, finance and IT disciplines

Listen to the Latest Webinar:

Workplace Compliance Spotlight: What Employers Need to Know About The General Data Protection Regulation (GDPR)

Listen Now

Additional GDPR Insights

Let's talk.

Call 800-225-5237