In 2017, OrangeHRM underwent an extensive review of its own processes and software capabilities to determine and address our compliance with GDPR. We leveraged the approach recommended by the ICO (Internet Commissioner Office, UK), the details of which can be found at https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf, a summary of which is as follows:
1. Awareness
2. The information you hold
3. Communicating Privacy information
4. Individuals’ Rights
5. Subject Access Requests
6. The lawful basis for processing personal data
7. Consent
8. Children
9. Data Breaches
10.Data Protection by Design and Data Protection Impact Assessments
11.Data Protection Officers
12.International
Through this exercise, we were able to validate that - for the most part - our internal processes and software were largely aligned with the GDPR requirements but we did identify some areas of improvement.
There is also an attachment within this question. Please download to know more about OrangeHRM.