HR Glossary
GDPR Compliance
What is GDPR Compliance?
GDPR compliance refers to following the rules set out in the General Data Protection Regulation (GDPR), a data protection law introduced in the European Union in 2018. GDPR was designed to give individuals more control over how their personal data is collected, stored, and used by organisations. Even after Brexit, the UK has its own version, the UK GDPR, which mirrors many of the same principles.
Any organisation that processes personal data must ensure that it does so lawfully, fairly, and transparently. Personal data covers any information that can identify an individual, such as names, email addresses, health information, or employment records.
Key Principles of GDPR
To comply with GDPR, organisations need to adhere to several core principles:
Lawfulness, fairness, and transparency: Data must be processed legally, openly, and in a way that individuals understand.
Purpose limitation: Data should only be collected for specific, clear purposes and not reused in ways that are incompatible with those purposes.
Data minimisation: Only the data needed to achieve a purpose should be collected.
Accuracy: Information must be kept up to date.
Storage limitation: Data should not be stored for longer than necessary.
Integrity and confidentiality: Data must be handled securely to prevent unauthorised access, loss, or damage.
Examples of GDPR Compliance in Practice
Marketing consent: A business must ask customers to actively opt in to marketing emails, rather than adding them to a mailing list automatically.
Data subject rights: Employees have the right to access the information an organisation holds about them and request corrections or deletion.
Secure storage: Companies must use appropriate safeguards such as encryption and access controls to keep sensitive data safe.
Breach notification: If a data breach occurs, the organisation must report it to the Information Commissioner’s Office (ICO) within 72 hours and, in some cases, inform affected individuals.
Why GDPR Matters for Employee Data
Employee information is highly sensitive. It may include health records, absence reasons, performance data, and personal contact details. Mishandling this data could cause harm to individuals and expose organisations to serious legal and financial consequences. GDPR ensures that employees can trust their employer to protect their privacy and handle their information responsibly.
GDPR Compliance in the GoodShape App
The GoodShape App is built with GDPR compliance at its core, ensuring both employers and employees can use the platform with confidence. Because the app processes sensitive personal and health data, strict measures are in place to protect privacy and maintain compliance:
Lawful basis for processing: Data is collected only for legitimate purposes, such as managing employee absence, supporting wellbeing, and ensuring employers meet their duty of care.
Transparency: Employees are informed about what data is collected, why it is needed, and how it will be used. This includes clear privacy notices accessible within the app.
Data minimisation: Only the information required to support absence management and wellbeing is captured, avoiding unnecessary or excessive data collection.
Security: The app uses robust technical and organisational measures to protect personal data, including secure encryption, restricted access, and continuous monitoring.
Access and control: Employees can exercise their GDPR rights through the app, such as requesting access to their data or understanding how it is being processed.
Retention and deletion: Data is not kept longer than necessary. The app follows defined retention policies, ensuring information is securely deleted when no longer required.
GDPR compliance is about more than just avoiding fines; it is about building trust and demonstrating respect for people’s privacy. For employers, it ensures sensitive employee data is managed responsibly and securely. For employees, it provides reassurance that their information is handled fairly and transparently. The GoodShape App is fully aligned with GDPR principles, combining the highest standards of data protection with practical tools that support employee wellbeing and absence management.