In May 2018, the General Data Protection Regulations came into effect. This set of standards has a significant impact on businesses and their employees. It also impacts how your Workday HCM needs to run. Here is an overview of what you need to know about getting compliant with GDPR through Workday.

But first, let’s understand GDPR a little better. GDPR regulates the European Union’s stance on the way personal data is stored, processed and disposed. It also categorizes what data falls under the realm of being “personal” – this now also includes data related to location and social or cultural identity as well as the economic data of an individual. This data isn’t limited to digital records but information filed on paper as well.

Here’s how configuring Workday correctly can help a company adhere to GDPR, giving both individuals and the regulatory authorities a clear view of compliance.

Complete Consent

An employer can only process someone’s data with full consent. The individual of whom the data concerns must have a clear view of what data is being shared and how it will be processed. They also need to have the means to revoke their consent. This guideline is meant to drive home the point that consent cannot be assumed on factors such as ambiguous remarks, inaction on the part of the individual or consent fine print and check boxes that could be overlooked.

For example, those using Workday Recruiting may want EU job applicants to be given the option of consenting to their data being used with a straightforward explanation of what data will be stored, processed and/or shared. A decline in consent can then alert Human Resources through Workday and the matter can be taken forward. Similarly, individuals should be given the ability to revoke their consent.


An organisation needs to be transparent about the personal data it holds about individuals. However, if the individual themselves have furnished you with the data you do not have to inform them that you have it. Take the use of Workday On-boarding for potential employees to fill in their information – you are not obligated to inform them that you have this data after they have entered it.

Access to Personal Data

Employees need to be able to access their personal information on record with an organisation. With Workday, this can be done by giving individuals accounts to be able to sign in and take a look at the data that the company has on file.

Ability to Correct Data

According to the regulations, each individual needs to be able to change and correct their personal information in case it is inaccurate. With Workday, rectifying data is an easy process when Employee Self Service Business Processes are used. It can be configured so you can choose what information can be modified independently and what needs to be approved by Human Resources or another department.

Objection of Data Use

An individual can stop their private information being processed provided they have a credible and compelling reason. This can be done by configuring Workday to allow its users to oppose to their information being processed through the Employee Self Service.

Deleting Personal Data

An individual should have the capacity to delete their personal data from an organisations records if there is no credible need for it to be there – for example, if the employee has resigned. This ‘right to be forgotten’ can be met with Workday’s feature that allows deletion of single or multiple data connected to an employee.

Using Stored Data

The GDPR gives individuals the opportunity to take their personal data that is held and obtain it for use in other IT related areas. Workday already has the provision to be able to port data seamlessly to other IT systems as well as individual downloads for personal use through widely-used programs such as Microsoft Excel.