Web and Social Media Services

The way we manage data has changed beyond all
recognition in the last few years. Filing cabinets are fast
becoming a 21st Century dinosaur, no one uses rolodexes
anymore, and the vast majority of businesses are
switching to computer, online and cloud-based services.
But the laws governing how that data is managed haven’t
kept pace with this change. Until now.
You may have heard of GDPR. You may even have
penciled it in your diary, but do you know what it really
means for your business? Or what you need to do? Data
protection rules are changing and even if you’re a small
business you need to be prepared for them and make
sure you’re compliant. Good HR software is a valuable
tool to help make sure you’re prepared and compliant
with the new regulations.
What is GDPR
The mere mention of GDPR (or the General Data
Protection Regulation to give it its full name) can strike
fear into the hearts of many small business owners and
managers. But GDPR, which comes into force on May 25,
2018, isn’t complicated.
GDPR is a regulation which is being introduced by the
European Union to strengthen the laws surrounding data
protection and storage. The UK government has already
decided to adopt the legislation regardless of Brexit.
Data storage and management have changed
dramatically since the last data protection laws came into
force in 1998. Back then, the internet was in its infancy,
cloud-based services didn’t exist, and much employee
data was stored in manila folders in grey filing cabinets.
GDPR will bring the law up to date and more in alignment
with current technological changes.
GDPR will introduce much tougher fines (up to €20 million
or 4% of annual turnover) in the event of a serious data
breach or non-compliance. It will also give people a much
greater say over what data is stored on them and how
organisations use it. It also harmonises data protection
throughout EU member states and applies not just to EU
companies but to any company doing business in the EU,
even if they’re based outside the EU.
Who is responsible
If your business collects and stores data on computers or
in organised filing systems, then you’ll be subject to data
protection laws – this includes employee personal data.
Whether you still rely on a paper system or have moved to
online HR software, you have a responsibility to
manage that data properly. It includes not just data
collected on customers but any data you hold on your
employees as well.
The onus of responsibility is put directly on data
controllers (employers) and processors (HR managers) to
identify any potential compliance issues within their
business and to review how personal data is being stored.
Here are some questions to ask yourself to make sure
you’re ready for GDPR and to demonstrate how HR
software can help.
Five questions to ask
Under GDPR, any data breach has to be reported to the
Data Protection Act within 72 hours. This highlights the
real issue of having all of your employee data within a
spreadsheet or a filing cabinet.
There is no real way of knowing whether there has been a
data breach. A filing cabinet gives unlimited access to
anyone who walks into that room, and any data within a
spreadsheet is not encrypted. It’s also impossible to know
who has made copies of that spreadsheet and where they
are now.
Before May, you must conduct an audit on your data
storage systems and how this data is shared. For
example, holding a photocopy of someone’s passport
within a filing cabinet or just saving a scanned copy
onto a hard drive would raise some concerns. Using
secure HR software means you can take back control of
the data you hold.
1. Is the data you’re responsible for actually secure?
Staying GDPR compliant
With breathe you’ll have the peace of mind that
all of your documents are stored securely, hosted
within the world’s most popular data hosting
company, AWS-EU.
Anything you upload to breathe can also be
shared securely since everyone has an
individual, password protected, login to breathe
and will have been set different user permissions.
Documents can be shared with specific
permission levels and individuals securely, so
you always know who does and doesn’t have
access to certain documents.
It’s always been the case that employees are able to find
out what HR-related personal data is being held.
However, from the 25th May, you must now provide them
with this information for free upon request. It’s
imperative now, more than ever, that you have a system
in place that allows you to quickly provide this
Ask yourself the question, “how long would it take me to
retrieve all the data I hold on one of my employees?”.
After GDPR comes into play you will have to answer this
question ‘without delay and at the latest within one month
of receipt’. Removing the cost barrier so that you have to
provide this information free of charge will also likely
cause an increase in requests.
2. How quickly can you access personal data?
Staying GDPR compliant
Having a centralised, secure and cloud-based HR
system in place removes the uncertainty of
whether you would be able to accurately find all
the data you hold on your colleagues.
Moreover, you can pull up this data in an instant
without rooting through filing cabinets and
spreadsheets saving you valuable time and
Viewing reports online, or exporting them as
understandable documents means you always
have access to the exact data you need for that
moment. Since everything is there you know
you’re not going to be missing anything which got
hidden in a filing cabinet somewhere.
To remain compliant, you will need to ensure that any
personal data stored is accurate and up to date. Any
requests to update data must be dealt with quickly, again
without delay and at the latest within one month.
It is also your responsibility as the data controller to make
sure that the information you hold is regularly reviewed
and any inaccurate records are corrected promptly.
3. Is the data you hold accurate and up to date?
Staying GDPR compliant
Self-service HR software, like breathe, makes
keeping records up to date incredibly easy, by
providing your employees with a way to always
know what data you hold on them and the ability
to keep it updated. House moves or mobile number
changes no longer need emails or scraps of
paper but can be done quickly and simply by the
Employees can upload all the information your
company needs right from the word go. Gathering
employee data is quick, easy and data is stored
securely. Approval workflows and privacy settings
mean you always have control over what gets
updated and who can see what.
Keeping data accurate also includes removing any data
which is no longer required. Having the ‘right to be
forgotten’ is now a common and accepted practice which
GDPR will bring into law.
Therefore, do you have processes in place to make sure
any records you no longer need are securely disposed of?
This is tricky to be certain of when there is no centralised
database of personal information.
4. Can you remove all personal data that’s no longer required?
Staying GDPR compliant
Any information stored in breathe can easily be
found and easily deleted. We do not hold onto the
data, and once it’s gone there is no way for it
to be recovered.
Only with a strong HR system in place can you
be sure that you comply with an individual’s right
to be completely forgotten.
The GDPR sets a high standard for consent, so it’s important
to be transparent about the data you hold and how
you’re using it.
Employee data can be retained and processed on the
basis that it is necessary under their employee contract,
for example holding someone’s National Insurance
number or right to work in the UK documents. However,
GDPR strengthens the conditions for consent, meaning
permission that was obtained as part of the terms and
conditions of older employment contracts may no longer
be enough.
Explicit consent may need to be given by employees for
the retention and processing of sensitive personal data so
it’s important to assess this before May 2018 and make
sure you can prove you have gained sufficient consent.
The GDPR also means that your employees have the right
to withdraw consent at any time.
5. Can you prove consent to use the data you hold?
Staying GDPR compliant
Transparency of data is achieved through
employee self-service. Since everyone has
access to view and even edit the personal data
which is being stored on them there are never
any surprises. This would simply not be possible
if you had to work across various spreadsheets or
paper-based records.
Furthermore, having this data to hand and visible
to each employee means you can run updated
consent requests which comply with GDPR.
HR software also provides you with centralised
document storage meaning it is simple to search
through contracts and declarations of consent
making sure that everything is up to date and
complies with GDPR standards.
Benefits of HR software
Helping you stay compliant with GDPR is one of the many
benefits of using HR software like breathe.
breathe makes managing people simple, will save you
(and everyone else) a lot of time and will keep your most
valuable asset, your people, happy and focused on the
job at hand.
Here’s what others have said:
“The user-friendly nature of the site has made the
transition smooth and we now almost can’t remember
what life was like before breatheHR. I would warmly
recommend it to anyone wanting an easier life. Using
breatheHR saves us so much time.”

“As a manager I love the fact that everything I need is
all in one place – absence records, leave requests,
staff contact details, policies, and procedures – the
list is endless. We also appreciate the support and
training received from the breatheHR team. I
wouldn’t be without it!”

At breathe we’ve developed a complete, cloud-based HR
software solution specifically for small and medium-sized
businesses. Our software puts your business in control of
all HR functions, processes, and employee data. It lets
you manage employee data, payroll, expenses, benefits,
recruitment, onboarding, training, absence, workloads,
performance and more.
breathe offers a flexible, secure and reliable way to
manage, advocate for, and communicate with your
people. It’s the perfect solution for keeping on top of the
day-to-day, and for maximising employee engagement.
Our user-friendly visibility dashboards, comprehensive
analytics, and extensive reporting facilities make sure
your business is operationally efficient.
Stay GDPR compliant and
revolutionise your business
with breathe