Skip to main content

Warning notification:Warning

Unfortunately, you are using an outdated browser. Please, upgrade your browser to improve your experience with HSE. The list of supported browsers:

  1. Chrome
  2. Edge
  3. FireFox
  4. Opera
  5. Safari

GDPR-compliant databases

Databases containing personal information must be compliant with GDPR.

Data held on databases must be:

  • used only for the purpose for which it was collected
  • held in the agreed location, not being moved or copied without permission


  • Databases cannot be shared across the organisation or with third parties without a legitimate reason for sharing
  • Database access is confined to staff using it for work duties
  • Third parties being given access to databases must sign the HSE Data Processing Agreement before accessing any identifiable data. This is in compliance with Article 28 General Data Protection Regulation (GDPR).

GDPR records of processing activities template (Excel, 580KB)