Some of the most topical questions we’re asked at the moment are, understandably, about HR and the GDPR (General Data Protection Regulation).
First of all, it’s important to clarify that no HR or recruitment software solution will ensure you’re instantly compliant when handling employee data or managing consent.
Outside of the integrity of the supplier and their security standards and data storage locations, it's your policies, not your system, that will ensure you meet compliance requirements.
That being said, depending on their infrastructure, many HR systems will greatly assist you in meeting the requirements once the right policies have been defined.
For HR professionals concerned about the impact of the GDPR on people management and talent acquisition, plenty of online checklists, official guidelines for both the UK and Ireland, and extensive advice and legal notes are available.
How Will HRLocker Help You Meet Your Compliance Obligations?
- EU data centres: First of all, HRLocker and HIRE, our Applicant Tracking System, are hosted only in data centres located in the European Union.
- HRLocker uses the Microsoft Azure platform to securely store your data in Europe, across multiple data centres for extra backup and redundancy. We're happy to supply further documentation on our information security (IS) infrastructure and standards.
- Wider information security standards: HRLocker is certified and regularly reviews its information security practices and policy in accordance with the principles of the ISO 27001 standard. This provides a level of data security that both covers and goes beyond the GDPR’s requirements.
- Tools for the job: HRLocker does not make you compliant – but it is an ideal instrument to help you ensure diligence, meet governance, and manage data appropriately.
Think Beyond GDPR
You should check whether your region has additional legislative requirements on data retention. These may include data retention laws specifying what information you are obliged to keep for legal reasons, which may conflict with or supersede general GDPR commitments.
For example, with HR software systems that have a strong element of employee self-service in how they manage their personal contact details and similar data, is it reasonable to keep next-of-kin records following a team member’s exit from the organisation? Perhaps it could be if there is a life insurance policy or pension attached to a deceased team member that can benefit their partner or spouse.
Another example is construction workers. In some jurisdictions, former workers’ records must be held indefinitely, in case they were ever in contact with asbestos. In cases such as these, you need to retain the relevant data.
Again, this is you meeting your relevant policies and obligations to ensure wide compliance, not the system. The system simply enables this customisation for your specific case.
HRLocker allows you to restrict the information you retain to what is needed for tangible business or legal reasons – and to demonstrate that in one central location.
Setting your policies
Ultimately, it's your policies meeting regulations that will make you compliant.
Let’s take recruitment and the retention of CVs you receive as an example. How long should you keep applicant details following a job application?
What is a realistic and justifiable period to retain this information in line with your recruitment pipeline’s lifecycle? Only you can define this—not the system.
Do you inform applicants about your policies and the reasons behind them? For instance, you might state in an automated response to applicants that you like to keep CVs for future or alternative opportunities you may have, and ask that they tick a box to confirm their consent.
HIRE – HRLocker’s integrated, end-to-end recruitment and onboarding platform – is secure and will satisfy auditors’ security standards. However, you will only be GDPR compliant if you have a policy that clearly outlines the appropriate reasons and purposes for storing data.
The HRLocker system is fit for purpose, but you must define the policy template for retention periods – and explain why they are set to the agreed-upon period. With a cloud solution like HIRE or HRLocker, it’s easy to manage and demonstrate diligent handling and purging of data should you receive a request to delete data.
If you have disparate records in multiple systems or can't refer to a supplier’s information security standards, then you are leaving yourself – and your data subjects’ details – in a vulnerable position.
How HRLocker Handles Data
During a customer’s lifetime as an HRLocker client, HRLocker will act responsibly as both a data controller and processor.
HRLocker will never delete a client’s data until the account is terminated, at which point all data is permanently deleted from the system. The only information we retain afterwards is what we need to meet our own GDPR and data compliance responsibilities, such as customer account financials.
Therefore, it’s your responsibility to manage the data held within the system, and to remove it and handle it responsibly once you have extracted it.
In Summary
HRLocker will not automatically make your data GDPR-compliant. Only you can do that by setting the appropriate policies. HRLocker does, however, give you all the tools to manage data responsibly and demonstrate your levels of accountability and our integrity as a supplier. All data is stored in the EU.