Ironically, despite perhaps being such a big part of the problem, technology will underpin the success of your data protection strategy.
HR software can help you gain greater control over company data, so you can protect the business and comply with the increased employee privacy rights under the new General Data Protection Regulation (GDPR).
In the words of the great financier Fred Wilson: “The companies that do the best job on managing a user’s privacy will be the companies that ultimately are the most successful.”
We’ve identified eight areas where your HR systems and technology can support your GDPR compliance goals.
1. Keep HR data secure and centralised
As a data controller, you are responsible for making sure that data is stored and processed lawfully. You need to know what information is held, why you have collected it, where it is held, how it is used and who has access to it. This covers personal data relating to paper files as well as digital documents. A good HR software system will support this, providing you with robust security protocols, including encryption and role-based access to data.
2. Provide an audit trail
It’s important that you can demonstrate that you have effective systems in place to provide an audit trail and report any data breaches. Your HR system should facilitate this.
3. Increase data accuracy
Personal data must be accurate and complete. Employees must be able to see the personal data you hold on them. The GDPR recommends, for example, the provision of remote access to a secure self-service system, which would provide employees with direct access to their personal information. Easily managed, configurable services can make data easy to edit, with changes supported by approval workflows.
4. Manage data subject access requests
The new data legislation requires you to respond more quickly and more comprehensively to data subject requests. With the cost for employee requests now at zero, your technology should also allow for an increase in subject access requests under the GDPR.
You must be able to provide the data in a manageable, digital format. So your HR technology should keep all HR data in one place, avoiding a scattering of data across C-files and desktops, for example.
5. Track employee consent
Some HR software allows you to generate personalised communications with e-signatures and track when – or if – employees have consented to your data use. Again, with your data stored centrally, you can easily manage and track updates to your company privacy policy, employment contracts and data protection policies.
6. Simplify data deletion
Under the GDPR, you are obliged to delete information that you no longer have a lawful basis to process. Set up rules to conduct regular reviews and cleansing of HR databases.
You should also set up reminders against leaver records, so HR administrators can delete records when a member of staff leaves, or when time has lapsed on pay records, performance reviews and disciplinaries.
7. Keep employees informed
Set up internal portals targeted at different groups of employees within your organisation. You can use these to upload relevant documents and updates. You might also consider a Q&A forum to help improve communications and transparency.
8. Build a culture of privacy and transparency through training
To make privacy part of your company DNA, it’s important to set up training for your staff, so they’re aware of their rights and responsibilities. HR software enables you to review employee roles and responsibilities and allocate them the appropriate training or certification.
It will also flag when training should be refreshed or certification is up for renewal. You can also link this to employee appraisals, so that data protection practice becomes more measurable.
To help your business with GDPR compliance, Me Learning has set up a suite of GDPR online training courses. The courses address requirements across the business and at every level.