National: Three in four HR departments in Ireland breach data regulations

THREE in four human resource departments in Ireland breach GDPR regulations, a survey has found.

HRLocker, an Irish-owned HR company which provides compliance platforms services for businesses, revealed that 76% of HR professionals’ have breached data protection regulations in the past year.

GDPR relates to a person’s privacy and security in terms of data. The EU general data protection regulation is the strongest privacy law in the world.

The survey, conducted in July 2023 and polling 400 Irish HR professionals, found a stark contrast between professionals' confidence in their GDPR compliance, compared to their adherence to the regulation. 

Funding crisis could close busy Ballybofey school warns principal

"I began looking to see what money was available to support them here at school but the Department of Education immediately said there was no funding available because the children were enrolled after September 30. That is the department’s cut-off point so whatever number you have enrolled at that stage is final. They don’t have any flexibility"

While 90% of Irish HR professionals report confidence in their GDPR compliance, the survey showed that 76% had breached the regulation within the past 12 months. 

“There can be no questioning the HR community’s commitment to GDPR compliance,”  said Crystel Rynne, Chief Operating Officer at HRLocker. 

“However, our research shows that despite their best intentions, a lack of resources, training and tech enablement is leading to major implementation issues, negatively impacting employee privacy and exposing employers to major fines.

“To successfully navigate the intricate GDPR landscape effectively, organisations must provide them with the tools and support necessary to make GDPR compliance a strategic advantage, all while safeguarding data protection,” Ms Rynne concluded.

The most prominent GDPR breaches reported are:

Insufficient consent: 40% of HR professionals are failing to obtain clear and explicit consent from employees before collecting, processing and storing personal data. 

Failure to respond to Data Subject Access Requests (DSARs): Under GDPR laws, HR professionals must respond to DSARs within 30 days unless an extension is justified. Despite this, almost a third (32%) of respondents reported exceeding this deadline, with 15% taking over 45 days to respond. 

Data retention and management issues: A quarter (25%) of HR professionals admitted not auditing their employee data for more than six months, with a further 9 percent stating they had not reviewed it in the past year. GDPR specifies that personal data should only be kept for as long as it is needed for the purpose for which it was collected.