The European Union’s tough new data protection laws require businesses to have an unprecedented level of control over employee information.

The General Data Protection Regulations (GDPR) have placed a spotlight on the HR processes that businesses are using to collect, store and delete any personal information.

They raise the bar in terms of what’s expected of HR, requiring increased levels of accuracy, efficiency and transparency when managing employee data. To achieve this requires an effective onboarding operation.

Employee onboarding is a term for the various processes that HR has in place to handle new hires. Any inefficient control of data during this crucial stage creates the significant risk of GDPR compliance breaches.

It’s a risk that few businesses can afford to take with the EU’s legislation carrying with it a range of stringent punishments for non-compliance – including maximum fines of €20 million.

Compliance risks of manual systems

The challenge for HR teams is to find effective ways of managing new hires which meet the GDPR requirements. For most companies, onboarding is still handled manually with phone calls, emails and paperwork.

It creates a system in which employee information is liable to become scattered across the organisation with a range of data being stored in a variety of formats. This information has to be handled manually with large volumes of employee data needing to be transferred by hand.

It’s this kind of fragmented and disorganised handling of employee data that will make employee onboarding such a vulnerable area in terms of GDPR compliance breaches.

With HR teams using manual communication processes, it’s a problem that increases exponentially as an organisation grows and the number of new hires being handled by HR increases.

Dangers of mismanaged data

HR teams will find themselves struggling to meet the GDPR guiding principles that have been created to help companies understand how employee data now needs to be managed.

These include the need to ensure ‘lawful and accurate’ data with incoming employees being made fully aware of what personal data is being collected and a record of why it’s deemed necessary.

This principle of ‘data minimisation’ makes the use of any general forms or documents during the onboarding process a risk area as companies are liable to collect information that’s not specific to an individual role.

The law also give employees the right to quickly access any of the information that’s being stored about them. Fulfilling these kinds of Data Subject Access Requests (DSAR) is going to be a constant headache for HR teams using manual systems.

Another risk that’s posed by GDPR is the principle of ‘storage limitation’. This requires HR to ensure that any employee data that’s inaccurate or no longer relevant is completely removed from the system.

Fragmented employee information

This is a problem when using manual onboarding processes as information tends to be duplicated while it’s being transferred through the system – moving across forms, emails and spreadsheets.

While HR may remove one data source, the exact same information is liable to remain in the system in the form of duplicated paperwork and legacy versions of documents. Trying to manage this manually presents a serious compliance risk.

To protect themselves against these new legislative threats, more businesses are starting to look at ways to automate their onboarding operations and gain a better control of employee data.