The complexity surrounding the upcoming implementation of the General Data Protection Regulation (GDPR) is based upon “opening clauses,” which permit a Member State to modify the provisions of the Article in which the clause resides. In other words, the Member State may introduce a more restrictive application of the GDPR obligation via local legislation. This lack of consistency in HR-related data protection is concerning with the advances in workforce management, monitoring and the use of personal devices in the workplace. Regulators have attempted to address the issue with an update to the 2001 Article 29 Working Party opinion on data protection of employees. This new opinion provides an update to the recommendations that were put in place prior to the age of social media and pervasive computing.