Cheerful Man in Purple Jumper

HR GDPR compliance – how Ciphr can help

Need support with HR GDPR compliance? Ciphr’s software solutions and experts are here to help. We help hundreds of UK organisations store their people data securely, and in line with the GDPR’s requirements.

Service Page -  Diversity and inclusion-1

Secure your people data

The GDPR requires all companies operating in the European Union to adopt its policies, processes and practices to manage the personal data of their customers, users, suppliers and employees. The objective of these regulations is to standardise the rights of European Union residents relating to the fair and secure use of their data.

HR teams are particularly affected by these standards. As the data controller for your employees, it’s your responsibility to ensure that the way your organisation handles and stores their personal data complies with the GDPR’s standards. Ciphr’s HR solutions are designed to support your HR teams achieve GDPR compliance.

How Ciphr’s solutions help with HR GDPR compliance

HR software is particularly valuable for organisations that collect and store employee data. Outdated data management methods, such as insecure paper or Excel-based filing systems, place your organisation at risk of security breaches. Recruitment software can also help you better manage data belonging to job applicants – which can often be held insecurely, and disjointedly, in email mailboxes or on paper records. An integrated HR and recruitment solution provides a seamless, secure and reliable data management solution that supports data security through the employee lifecycle.

Ciphr proudly offers off-the-shelf GDPR and information security eLearning courses through our subsidiary company, Marshall E-Learning, to help you deliver GDPR training across your organisation.

How Ciphr secures and protects our customers’ data

As a trusted processor of our customers’ data, Ciphr takes numerous steps to ensure that the appropriate technical measures are in place to deliver a secure environment for our solutions. We are always looking to enhance our security measures and have incorporated multiple layers of encryption technologies, protective monitoring, and auditing solutions.

Our applications and infrastructure are regularly assessed by both internal and external vulnerability and penetration-testing programs using our internal Certified Ethical Hacker (CEH) resources, as well as through a partnership with several external CREST-accredited penetration testing organisations.

Ciphr’s internal security forum, led by our head of information security, meets regularly to review all the security measures we have in place – including associated policies and procedures – to ensure they are maintained appropriately. The forum also creates and delivers regular training and awareness sessions relating to all areas of information security for all Ciphr employees. All Ciphr employees are also background checked to a minimum of the BS7858 standard.

All our technical measures, policies and procedures are externally audited by the British Standards Institute (BSI) each year to validate our ongoing compliance with the Information Security Management System (ISO27001:2013) framework, which we have maintained since 2014.

To ensure we are fully compliant with the GDPR we have invested in external training to ensure we have certified GDPR practitioners within the security forum. We have also conducted specific audits to confirm our data and documents, including policies and procedures, are compliant with both the ISO27001:2013 framework and the GDPR.

"We’re entering a period now where HR professionals need to focus on enforcing the policies they’ve put in place."

Claire Williams

Chief people officer and data protection officer, Ciphr

"While the majority of organisations have done the necessary work to write policies, create new procedures and train staff, there remains a question over whether data-protection principles have actually been built into the design of the organisation, to ensure they are being adhered to consistently. It is proof of an intrinsic culture of data protection that the Information Commissioner’s Office (ICO) would be looking for during an inspection."

GDPR for HR: HR software that takes the stress out of compliance

Manage applicants’ data more effectively

Download data, request consent extension, anonymise records and delete data via the dashboard

Record consent

Document consent against employee or applicant records where you have determined that consent is required

Anonymise records

Choose to anonymise leavers’ records instead of deleting them, so you retain access to useful metrics while remaining GDPR compliant

Create GDPR users

Restrict access to relevant fields for users with responsibility for GDPR

Create automatic notifications

Set up auto reminders to re-validate consent where required

Enable self-service access

Comply with subject access requests (SARs) more easily by granting access to data for leavers and current staff, or through a data protection report

Define data-retention periods

Decide when leavers’ records will be flagged for deletion or anonymisation

Implement policy acceptance

Confirm staff have read your GDPR-related policies

Product Page – Learning

GDPR for employees: off-the-shelf GPDR eLearning courses

Ensure your organisation and employees comply with the GDPR’s requirements in every aspect of their work by asking them to complete mandatory GDPR eLearning courses. Our off-the-shelf GDPR eLearning courses, developed by the experts at Marshall E-Learning, help learners to understand crucial data protection concepts, the GDPR’s objectives, and the responsibilities of organisations to comply with the GDPR.

These SCORM-compatible courses are quick and easy to implement via your chosen learning management system, and are regularly refreshed so you always have access to up-to-date content.


We would strongly recommend that you seek your own legal advice if you are unsure about the implications of data protection laws on your business. The information contained on this website is for general guidance purposes only. It should not be taken for, nor is it intended as, legal advice. While we have made every effort to ensure that the information provided on this document is correct and up to date, Ciphr makes no promises as to completeness or accuracy and the information is delivered on an “as is” basis without any warranties, express or implied. Ciphr will not accept any liability for errors or omissions and will not be liable for any damage (including, without limitation, damage for loss of business or loss of profits) arising in contract, tort or otherwise from the use of or reliance on this information, or from any action or decisions taken as a result of using this information.