Irish SMEs may be unknowingly breaching GDPR and failing to meet Workplace Relations Commission (WRC) record-keeping requirements due to widespread gaps in how HR documents are stored, accessed, and governed. That is, according to new findings published from the Irish SME HR Report, by Ireland’s leading people management platform, HRLocker.
The report, based on responses from professionals working on HR in organisations employing 20–249 people, reveals that document disorder has become one of the most significant, yet preventable, compliance risks facing Irish businesses.
Under Articles 5 and 32 of the EU’s General Data Protection Regulation (GDPR), employers must ensure the integrity, confidentiality, and security of employees’ personal data. Yet 66 per cent of SMEs continue to store HR documents in insecure systems, including general cloud folders (32 per cent), local hard drives (11 per cent), paper files (11 per cent) and email threads (9 per cent).
The Data Protection Commission has already investigated SMEs for similar failures. In a recently published case, an employer mishandled sensitive employment information during a data breach, prompting an official complaint and regulatory intervention. The DPC found that the organisation had not implemented adequate safeguards to protect employee data, providing a clear example of the real?world consequences of poor HR document governance. Under GDPR, failures of this kind can result in administrative fines of up to €10 million or 2 per cent of global turnover, as well as compensation claims from affected employees.
The report highlights that 59 per cent of SMEs lack accurate, formal version control, risking breaches of GDPR Article 5(1)(d), which requires organisations to maintain accurate and up?to?date employee records. Further, 56 per cent do not have a current retention policy for HR data, despite the GDPR storage limitation principle and obligations under the Data Protection Act 2018. Mid-sized SMEs (50–99 employees) are the least compliant, with over one-third (39 per cent) lacking any retention policy at all.
Without version control or retention schedules, SMEs cannot demonstrate compliance during WRC inspections or GDPR investigations, leaving them exposed to enforcement action, compensation claims, and costly remediation work.
There is a clear lack of auditability in the sector, with 26 per cent of SMEs reporting that they do not maintain an audit trail for HR document access and changes. A further 27 per cent are unsure whether one exists, meaning more than one in three lack robust processes.
This lack and uncertainty place organisations at risk of breaching GDPR Articles 24 and 30, which require employers to demonstrate accountability and maintain clear records of processing activities. In the event of a data-access request, breach investigation, or WRC inspection, the absence of an audit trail can lead to immediate compliance failure.
Governance gaps fuelled by document disorder also undermine compliance with core Workplace Relations Commission (WRC) record-keeping obligations, including requirements to maintain accurate, accessible, and up-to-date records on:
Working hours
Annual leave and public holidays
Contracts and terms of employment
Payroll and remuneration
Disciplinary and grievance procedures
Under the Workplace Relations Act 2023, missing audit trails, outdated files, or scattered storage systems can result in fixed-payment notices of up to €2,000 per offence, in addition to compensation awards to employees and orders to rectify records at the employer’s expense. These costs come on top of business disruption during follow-up inspections and reputational damage that undermines employee trust.
“The SME community’s commitment to compliance legislation cannot be understated. However, our research shows that many organisations are unintentionally exposing themselves to GDPR breaches, data protection obligations and WRC non-compliance simply because their HR document-management practices haven’t kept pace with modern requirements,” said Crystel Robbins Rynne, CEO of HRLocker.
“Despite SMEs’ best intentions, a lack of resources, adequate management processes, and tech enablement is leading to major implementation issues. These risks carry real financial and operational consequences. But they are entirely preventable. With the right HR systems and governance in place, SMEs can ensure compliance and reduce risk, adding layers of organisational resilience.”
Irish SMEs seeking to understand how to reduce HR document disorder and improve compliance can download HRLocker’s latest whitepaper, The Real Cost of Manual HR for Irish SMEs, at https://www.hrlocker.com/downloads/
See more stories here.
Dublin Tech Summit has revealed the first of its confirmed keynote speakers for Ireland’s flagship…
Late last year MyCelsius launched their cooling bracelet in the UK and they are planning…
Tata Consultancy Services (TCS), a global leader in IT services, consulting, and business solutions, and…
By David Stephen The first admission, regarding solving social media addiction and harm for users, especially…
Digital transformation in procurement has been “imminent” for over a decade, however, Legacy Thinking…
Educate.ie has launched EdPal, a new digital learning platform developed specifically for Irish post-primary schools…
Irish Tech News are Ireland’s No. 1 Online Tech Publication and often Ireland’s No.1 Tech Podcast too.
You can find hundreds of fantastic previous episodes and subscribe using whatever platform you like via our Anchor.fm page here: https://anchor.fm/irish-tech-news
If you’d like to be featured in an upcoming Podcast email us at Simon@IrishTechNews.ie now to discuss.
Irish Tech News have a range of services available to help promote your business. Why not drop us a line at Info@IrishTechNews.ie now to find out more about how we can help you reach our audience.
You can also find and follow us on Twitter, LinkedIn, Facebook, Instagram, TikTok and Snapchat.