Heading Head

How does Workline help in your efforts to be GDPR compliant?



Right to Access

Experience seamless access to personal information with our Self-service platform. Tailored for efficiency, HR administrators can easily customize field visibility and editing permissions based on distinct employee roles.

Right to Rectify

Easily edit any data within our application. Administrators and employees with appropriate access controls can rectify inaccurate information at any time, ensuring data integrity and accuracy

Right to Erasure

Empowering administrators, our application enables swift deletion of personal information upon employee request. HR or admin can selectively choose specific data fields for deletion, ensuring compliance and privacy


Right to Restrict Processing

In compliance with GDPR regulations, individuals can request data processing restriction from their controller. Our application, acting as a data processor, enables administrators to promptly halt data processing upon receiving such requests from employees.

Right to Data Portability

The GDPR grants individuals the right to transfer data between controllers. Our application facilitates seamless data exports with robust security features, including password protection. This enables organizations to transfer data safely without any compromise on security.

Records of Processing Activities

Given the significance of personal data under GDPR, tracking changes is essential for enhanced data protection. Our application's audit logs provide a transparent history of all modifications to employee data, ensuring comprehensive monitoring and accountability.





If you have any questions regarding this Privacy Statement, write to privacy@workline.hr.

  • What is GDPR?

      The General Data Protection Regulation (GDPR) is a comprehensive data protection law enacted by the European Union (EU) to safeguard the privacy and personal data of EU citizens. It came into effect in May 2018 and applies to all organizations that handle personal data of individuals within the EU, regardless of where the organization is located.

  • What is Personal Data in GDPR?

      Personal data, according to the General Data Protection Regulation (GDPR), refers to any information that relates to an identified or identifiable natural person. This can include a wide range of identifiers, such as names, identification numbers, location data, online identifiers, or factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person. Essentially, any data that can directly or indirectly identify an individual falls under the scope of personal data as defined by GDPR.

  • What level of readiness does Workline demonstrate in terms of GDPR compliance?

    • Conducted thorough internal audits across our products, processes, operations, and management. The insights gained were promptly communicated to our teams, who swiftly devised solutions to address any identified issues.
    • Performed Data Protection Impact Assessments (DPIA) to ensure robust data management. Leveraging the findings, we've implemented tailored controls to enhance data processing and management practices
    • Created custom in-house tools to elevate data governance and facilitate efficient data discovery. Additionally, we've refreshed our policies and procedures for enhanced data management
    • Updated our privacy policy to align with relevant privacy laws, integrating insights from our data inventory, flows, and handling practices.
    • Streamlined our sub processors' contract process to guarantee their adherence to our stringent standards of privacy and data handling.
    • Appointed Privacy Champions from every department and a dedicated Data Protection Officer. Additionally, we've conducted ongoing training programs to raise awareness and ensure all employees are well-versed in privacy and data handling protocols.
    • Compiled a thorough data asset inventory encompassing all collected data, with Workline as both data controller and processor in mind. This inventory offers a comprehensive overview of our data landscape and associated processes.
    • Enhanced our Privacy Incident Response policy, implementing breach notification protocols and Service Level Agreements (SLA). In the event of a breach, customers will receive notification within 72 hours of our awareness. Additionally, individuals or organizations affected by specific incidents will be promptly notified via email using their primary email address.
    • Instituted a continuous monitoring program for privacy, procedures, and management, keeping abreast of any changes in privacy regulations.