GDPR one year on: HR has compliance confidence but fears fresh Brexit burden

A supplier of global Cloud-native HR software for mid-sized and growing UK and international businesses has revealed that one year on from GDPR coming into effect, an impressive 95 per cent of UK HR professionals feel confident in their compliance with the EU legislation*. However, 76 per cent report that GDPR has imposed a significant burden on the HR department, and the majority (64 per cent) believe data protection will get harder if the UK exits the EU.

The survey, which polled 250 UK HR professionals in May 2019, also showed that the vast majority of HR practitioners (88 per cent) are confident in their understanding of GDPR legislation relating to the retention and deletion of data. This GDPR compliance confidence also correlates with the robust knowledge that HR teams have when it comes to data storage and data security. Results showed that 92 per cent know where their people data is stored, and not far behind, 86 per cent say they have confidence in the security systems that their HR department have in place to protect people data.

While it is good news to see that UK HR professionals are on top of GDPR compliance, it comes at a cost with three-quarters of respondents (76 per cent) stating that GDPR has imposed a significant additional burden on the HR department. For instance, the same high number of respondents (76 per cent) cited an increase in subject access requests (SARs) since GDPR came into effect a year ago.

Commenting on the research, Sue Lingard Director of Cezanne HR says,

HR teams process huge amounts of personal data, and are in the frontline when it comes to deciding what data to collect, how to manage and secure it, who should have access and how long they need to keep it for. It was inevitable that they would have to bear the brunt of compliance activities. The problem is that these activities are ongoing, so the overhead is never going to go away.

Just over half HRs surveyed (52 per cent) also reporting having to manage date deletion and anonymization using manual or semi-manual processes.

Sue Lingard commented,

In my view, HR teams should be asking more of their HR suppliers – and extending access to their systems to their complete workforce, including gig workers and contractors.  For example, most HR systems are sophisticated enough to incorporate tools that let HR teams set up rules that automatically remove or anonymise data in line with different legislative requirements. That would remove a lot of the administrative burden from HR, and ensure that important compliance steps don’t get overlooked.

Interested in HR analytics? We recommend Mission Critical HR Analytics Summit 2019.

*revealed by Cezanne HR





Aphrodite is a creative writer and editor specialising in publishing and communications. She is passionate about undertaking projects in diverse sectors. She has written and edited copy for media as varied as social enterprise, art, fashion and education. She is at her most happy owning a project from its very conception, focusing on the client and project research in the first instance, and working closely with CEOs and Directors throughout the consultation process. Much of her work has focused on rebranding; messaging and tone of voice is one of her expertise, as is a distinctively unique writing style in my most of her creative projects. Her work is always driven by the versatility of language to galvanise image and to change perception, as it is by inspiring and being inspired by the wondrous diversity of people with whom paths she crosses cross!

Aphrodite has had a variety of high profile industry clients as a freelancer, and previously worked for a number of years as an Editor and Journalist for

Aphrodite is also a professional painter.