GDPR

What is the GDPR?

The General Data Protection Regulation (GDPR) is an EU-wide regulation for the protection of personal data.
It specifies how companies may collect, store, process and pass on data from employees, customers and business partners.

The GDPR is particularly relevant for HR departments, as a large amount of personal data is processed here - from application documents and sick notes to performance reviews.

What are the basic principles of the GDPR?

The GDPR is based on several key principles:

Lawfulness and processing in good faith
→ Data may only be collected for permissible purposes and with transparent processes.

Data minimization
→ Only necessary data may be recorded and stored.

Transparency & duty to provide information
→ Employees must be informed which data is processed and for what purpose.

Integrity & confidentiality
→ Protection of data against loss, unauthorized access or manipulation.

Compliance with these principles is mandatory for companies.

What data is covered by the GDPR in the HR sector?

In the HR context, the GDPR affects the following data, among others:

  • Master data (name, address, date of birth)
  • Contract and salary information
  • Application documents and selection processes
  • Sick notes, absences, performance appraisals
  • Personal notes or feedback

HR departments must ensure that this data is only used for legitimate purposes and is properly protected.

What obligations do companies & HR departments have?

Companies must implement systematic data protection management:

  • Documentation of all data processing procedures
  • Creation of data protection declarations and information obligations
  • Training of employees and managers
  • Implementation of technical and organizational measures (e.g. encryption, access controls)
  • Reporting data breaches to supervisory authorities

For HR, this means secure storage of personnel files, controlled access to sensitive data and transparent communication with employees.

What should employees look out for?

  • Know your own data rights (information, correction, deletion)
  • Only pass on data via official channels
  • Contact HR or the data protection officer if you are unsure

For companies & HR:
→ Conduct regular training courses and audits
→ Standardize data protection in processes
→ Use GDPR-compliant software solutions

Why is the GDPR important?

For employees:
→ Protection of personal data, transparency about data processing and control over your own information

For companies:
→ Legal certainty, building trust, avoiding fines and reputational damage

The GDPR is therefore a central component of modern HR work and corporate management.
