With the GDPR coming into force in May 2018 every business will need to ensure its HR data including its employment contracts comply with the new rules.

What must businesses do?

Businesses must not only comply with the new regulation, but must also show that they comply with the new regulation. The GDPR envisages a culture shift, with a focus more on day-to-day compliance and less on high-risk breaches.


The GDPR will apply from May 25 2018. There is no transition period or ‘soft landing’; businesses will be expected to comply fully from day one.

What do you need?

Template documents

We have put together a guidance note on the implications of GDPR on HR data for HR teams.

As an absolute minimum you will also need:

  • a template privacy notice;
  • a new privacy policy; and
  • new model provisions for UK based contracts of employment.

Be aware that GDPR compliance is a major project for all businesses and each document will need to be tailored to your business. We can assist you with this tailoring process and are happy to give individual quotes depending on your business.

How else can we help you?

However, this is not everything. You will also need to audit your use of HR data.

Free assessment tool

Our free GDPR HR assessment tool helps to identify key areas of risk with regard to GDPR compiance in relation to your HR data by answering a few simple questions. This process is confidential.

This is the absolute minimum each business with employees in the UK needs to comply with GDPR. If you have a large number of UK employees or use HR data in any non-standard way you must take additional advice from our specialist data privacy team and further compliance steps may be needed.