Some of the most topical questions we’re asked at the moment are, understandably, about HR and the GDPR (General Data Protection Regulation).
First of all, it’s important to clarify that no HR or recruitment software solution will ensure you’re instantly Compliant on how you handle employee data – or manage consent.
Outside of the integrity of the supplier and their security standards and data storage locations, it is your policies, not your system, that will ensure Compliance.
But, dependent on their infrastructure, many HR systems will assist you greatly in meeting requirements in line with the right policies being defined.
HR professionals are obviously concerned about the impact the GDPR will have on People Management and Talent Acquisition.
You should check in your region about extra legislative requirements on data retention.
This might include data retention laws on what information you’re obliged to keep on terminated employees for wider legal reasons. Such laws might otherwise contrast with or supersede ‘general’ GDPR commitments that might be more appropriate to marketing or less specific business issues.
For example, with HR software systems that have a strong element of employee self-service on how they manage their personal contact details and similar data – is it reasonable to keep next-of-kin records following a team member’s exit from the organisation?
Perhaps it could be if there is a life insurance policy or pension attached to a deceased team member that can benefit their partner or spouse.
Another example is construction workers. In some jurisdictions, former workers’ records must be held indefinitely, in case they were ever in contact with asbestos.
So such an organisation needs to retain their records, but likely does not have a need to retain its receptionist’s data. Again, this is you meeting your relevant policies and obligations to be widely Compliant, not the system. The system just enables this customization to your specific case.
HRLocker allows you to trim down information retained to just tangible or legal reasons – and demonstrate that in ‘one bucket’.
Ultimately it is your policies meeting regulations that will make you Compliant.
Let’s take recruitment and retention of data for CVs you receive as an example. How long should you keep applicant details following a job application?
What is a realistic and justifiable period to retain this information in line with your recruitment pipeline’s lifecycle? Only you can define this, not the system.
Do you inform applicants what your policies are – and why? (E.g., you might state in an automated response to applicants that you like to keep CVs for future or alternative opportunities you may have – and request their consent.)
HIRELocker is secure and will satisfy auditors relating to security standards. But you will only be GDPR Compliant if you have the right policy – for appropriate reason and purpose – on how long you store the data.
(If you are concerned about policy setting and Best Practices, please note that HRLocker offers First-Call HR Support on Professional price plans upwards. We are happy to assist you with setting up processes and are always interested to hear about your business case.)
The HRLocker system is fit for purpose, but you have to define the policy template for retention periods – and why they are set to whatever period you agree and declare.
So, if you have a request to delete data, it’s easy to manage and demonstrate diligent handling and purging of data with a cloud solution like HIRELocker or HRLocker.
If you have disparate records in multiple systems and/or cannot refer to a supplier’s Information Security Standards, then you are leaving yourself – and your data subjects’ personal details – vulnerable.
During a customer’s lifetime as an HRLocker client, HRLocker will act responsibly as both a data controller and processor.
HRLocker will never delete the client’s data – until an account is terminated – and then all data is deleted permanently from the system (although we will retain information such as that customer account’s financials to meet our own record-keeping duties).
Therefore, it’s your responsibility to manage the data held within the system, and to remove it and manage it responsibly once you have extracted it.
HRLocker will not make you Compliant. Only you can do that by setting the appropriate policies. But HRLocker gives you all the tools to manage data responsibly and demonstrate your levels of accountability and our integrity as a supplier. All data is stored in the EU.