Top Tips on GDPR Guidance for Employees


If you run a small business, you should by now have reviewed your data protection in line with the new GDPR rules which came into effect on 28 May 2018.   However, it’s not enough just to have all the right processes and procedures in place. If your employees don’t understand their roles and responsibilities when it comes to GDPR, you’re setting yourself up to fail.  The team at HCHR has come up with tips on GDPR guidance for employees to ensure your business is not at risk of breaching these new rules. Read More

Facebook Fined Under New GDPR Rules


It seemed for many businesses that, though the build up to the GDPR Regulations was very intense with hundreds of emails inviting us to update our settings or give consent, the event went out with a short puff of smoke. Read More

Whatever your customers trust you to do they trust you with their data too!


If you want people to trust you with their data, you need to earn it…stick with me..

Companies hold more personal data on their customers than ever before. Details about our social media habits or what kind of washing powder we prefer are collected, stored and then used to tailor our interactions with brands. Hence, why I’m followed all over the internet by Karen Millen dresses. But the relationship between businesses, their customers and personal data is far from straightforward.

Trust is a crucial component of success for businesses, but in recent years it hasn’t kept pace with the level of data brands want to collect.

So how did we get here, and, with new legislation like GDPR on the very near horizon, how can organisations make things better?

Even when a genuine benefit for customers, e.g. brands trading personal data for a better service, businesses have historically been poor at communicating this effectively. This creates a sense of public distrust regarding personal data. This attitude does define some brands’ data strategies but it’s counterproductive and won’t be tenable under the new GDPR regulations.

The discussion around GDPR has tended to focus on the problems and challenges it represents.  While it’s certainly difficult for businesses in some ways, GDPR also provides brands with a golden opportunity to reset their data relationships with customers.

Make sure there is a genuine value exchange

On the whole consumers accept that brands need their information to provide better services; and when they can see the benefit, they are prepared to share more and more data.

The days of businesses taking consumers’ data for granted are over. Take a step back and consider why people would want to share their data with you, then create and communicate a compelling case.  This may mean rethinking your strategy entirely to make it more customer-centric, but that is what both consumers, and the GDPR regulations, demand.

At its core, trust is inherently emotional. This is particularly true in the post-truth world of fake news and political turbulence, where doubting large organisations is becoming more commonplace.

While compliance is important, when people are deciding whether to trust a business they are looking for the same qualities they need in a person: transparency, visibility and the ability to deliver on promises. Consumers want to be treated as equals, rather than feeling undervalued or exploited. If businesses can keep this simple truth at the core of their dealings with personal data, they won’t go far wrong.

For help and guidance on GDPR compliance, HCHR has developed a range of support packages for businesses of all sizes.  Read more here or call us today on the number below:



Is GDPR the new Health & Safety Act?


If you haven’t heard about GDPR yet, then your head must be well and truly buried in the sand.   All businesses, no matter what size, are affected by these new regulations which come into force on 25 May 2018.

In fact, there has been so much hype around the GDPR regulations, we can but wonder whether they are set to become as stringent in terms of data protection as the Health & Safety at Work Act 1974.

Although the UK has had a two-year period to implement the new data protection regulations, many businesses have left matters till the last minute. But are we about to create a monster that will end up driving hundreds of companies up the wall because they can’t meet the ICO’s time-scales, can’t afford the huge financial penalties or miss out a hyphen in someone’s name?  Read more here.

HCHR is offering a range of support packages to business of all sizes, from a one-man band to large manufacturing companies to ensure that they comply with the GDPR regulations.

To find out more, call us today on the number below:


GDPR Misconceptions by Small Business Owners


If you’re a small business owner, with few or no employees, you may think that the new GDPR regulations don’t affect you. But that’s not the case. There are a number of misconceptions around these rules and so we’ve identified three of these to help small business owners understand the impact of these regulations:

Misconception #1:

Small businesses are exempt. There is no exclusion under current GDPR for businesses with only a few or even no employees. GDPR it not about  your firm’s size it’s all about the data that you hold, where  you hold it, for how long you hold it and how you use it.

Misconception #2:

GDPR only relates to data that has been provided by users. Not true; it applies to all data generated, collected or related to a user, whether or not they provided it.


GDPR only applies to customer data? The legislation covers a far broader range of data or Personally Identifiable Information (PII) and applies to all personal data including that held on employees. This means that even data held internally, such as that used by the Finance and HR departments, will be subject to the same rules in terms of transparency, integrity, confidentiality and accessibility.

If you want to find out more about how the GDPR regulations will impact on your business, you can book into one of our informal, hour-long Action Plan for Employers’ work shop.

To book your place, click here or contact Alice Evans at HCHR on

Tel: 01792 234761

GDPR: HCHR Support Packages


HCHR Action Plan for Employers

To assist you with your preparations for the General Data Protection Regulations that come into force on 25th May, 2018 we have put together a range HR support packages for businesses. We have the following options available for you:


  • One hour Breakfast or Lunch GDPR & HR Briefing in Swansea
  • Half an Hour GDPR & HR telephone audit

Bronze: £225 + VAT

  • Guidance – Key GDPR changes for HR
  • Employee Letter – GDPR HR Employment Contract Clauses & Outline of Key GDPR Employee Handbook / Policy Changes
  • Contractor Data Agreement

Silver: £425 + VAT

  • Guidance – Key GDPR changes for HR
  • Employee Letter – GDPR HR Employment Contract Clauses & Outline of Key GDPR Employee Handbook / Policy Changes
  • Template HR Privacy Statements
  • Template Retention & Disposal Framework
  • Template Data Protection Impact Assessment
  • Contractor Data Agreement
  • One Hour Consultation – applying GDPR HR updates in practice

Gold: £575 + VAT per day

(Bespoke service based on company size and need)

  • HR Data Mapping Audit & Consultation – applying GDPR HR updates in practice
  • Guidance – Key GDPR changes for HR
  • Guidance for Managers – 10 steps on managing GDPR
  • Employee Letter – GDPR HR Employment Contract Clauses &  Outline of Key GDPR Employee Handbook / Policy Changes
  • Key HR Documents updated with GDPR changes:
      • Template HR Data Records Spreadsheet
      • Template HR Privacy Statements
      • Template Retention & Disposal Framework
      • Template Data Protection Impact Assessment
      • GDPR Compliant Data Protection Policy
      • GDPR Compliant Subject Access Request Procedure
      • Contractor Data Agreement

    If you would like to discuss any of the packages in more detail or have any questions on GDPR please contact Alice Evans at HCHR who will arrange a call with one of our dedicated team of HR Advisors:

    Tel: 01792 234761

GDPR – Action Plan for Employers


No death by PowerPoint but a practical discussion over a cup of coffee on what is GDPR and what do you as an Employer needs to do to comply.

By 25 May 2018, organisations need to carry out an audit to identify any data protection risk areas and take the first steps towards creating a data protection by design and default culture to comply with the new GDPR Regulations.

HR teams should identify:

  • what personal and sensitive personal data is obtained from employees
  • how and where that data is stored, accessed and used, and the legal basis for collecting, storing and processing it
  • what data is shared with third parties
  • what kind of monitoring of employees takes place and where.

They should also prepare an action plan that specifies what needs to be done by when, who will do what and any internal and external support required including:

  • what documentation must be prepared or updated
  • a review policies and processes and decide which to change (different policies may be needed for employees and managers)
  • reinforcement of the changes through training (and keep attendance records)
  • what needs to be shown to whom to demonstrate compliance.

Does this sound like something that you can do in-house or would you like the assistance of an outsourced HR expert?   To help your organisation become GDPR compliant, HCHR is organising a number of breakfast meeting on Wednesday mornings as follows:

Location: HCHR, 10 St James’ Crescent, Uplands, Swansea SA1 6DZ
Times:  from 8 to 9 am
Dates: 25th April, 2nd, 9th, 16th, 23rd, 30th May

Click here to book your place via Eventbrite click here

 What can you expect from our breakfast briefing?

  • An opportunity to network with others as we work our way through what the GDPR changes mean for us as HR Professionals;
  • An overview of the key changes and how they relate to HR;
  • An opportunity to ask questions and clarify how others in HR are interpreting the changes in their organisations;
  • Access to a free 30 minute audit of how prepared you are for GDPR

To book your place, click here 

GDPR is On Its Way and Here to Stay


General Data Protection Regulations (GDPR) is due to come into force in May 2018 and will overhaul how businesses process and handle data.

The changes are coming about as the original rules were created in the 90’s and, since then, the amount of digital information we create, capture, and store has vastly increased. So, the old regime was deemed to be no longer fit for purpose.

These new EU regulations will have a huge impact on the HR function of many businesses including a number of key areas such as data protection by design and default, processing by consent and data subject access requests.

To find out the full details of what HR professionals need to take into consideration under the new GDPR rules, check out this article by Ross McKean and Katherine Gibson writing for Xpert HR entitled: How to start preparing for the General Data Protection Regulation (GDPR).

If you find all of these changes confusing, please call the team at HCHR for a free half-hour consultation on the number below:

Employment right

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.