Some of the most topical questions we’re asked at the moment are understandably regarding HR and GDPR (General Data Protection Regulation).
First of all, it’s important to clarify that no HR or recruitment software solution will ensure you’re instantly compliant when handling employee data or managing consent.
Outside of the integrity of the supplier and their security standards and data storage locations, it's your policies, not your system, that will ensure you meet compliance requirements.
That being said, depending on their infrastructure, many HR systems will assist you greatly in meeting requirements once the right policies are defined.
For HR professionals concerned about the impact that GDPR has on people management and talent acquisition, there are plenty of online checklists, official guidelines for both the UK and Ireland, and extensive advice and legal notes available.
You should check in your region about extra legislative requirements on data retention. This might include data retention laws on what information you’re obliged to keep for legal reasons that might otherwise conflict with or supersede general GDPR commitments.
For example, with HR software systems that have a strong element of employee self-service in how they manage their personal contact details and similar data, is it reasonable to keep next-of-kin records following a team member’s exit from the organisation? Perhaps it could be if there is a life insurance policy or pension attached to a deceased team member that can benefit their partner or spouse.
Another example is construction workers. In some jurisdictions, former workers’ records must be held indefinitely, in case they were ever in contact with asbestos. In cases such as these, you need to retain the relevant data.
Again, this is you meeting your relevant policies and obligations to ensure wide compliance, not the system. The system just enables this customisation for your specific case.
HRLocker allows you to trim down information retained for tangible or legal reasons – and demonstrate that in one central location.
Ultimately, it's your policies meeting regulations that will make you compliant.
Let’s take recruitment and the retention of CVs you receive as an example. How long should you keep applicant details following a job application?
What is a realistic and justifiable period to retain this information in line with your recruitment pipeline’s lifecycle? Only you can define this—not the system.
Do you inform applicants about your policies and the reasons behind them? For instance, you might state in an automated response to applicants that you like to keep CVs for future or alternative opportunities you may have, and ask that they tick a box to confirm their consent.
HIRE - HRLocker's integrated, end-to-end recruitment and onboarding platform - is secure and will satisfy auditors’ security standards. However, you will only be GDPR compliant if you have a policy that clearly outlines the appropriate reasons and purposes for storing data.
The HRLocker system is fit for purpose, but you must define the policy template for retention periods – and explain why they are set to the agreed-upon period. With a cloud solution like HRLocker's HIRE, it’s easy to manage and demonstrate diligent handling and purging of data should you get a request to delete data.
If you have disparate records in multiple systems or can't refer to a supplier’s Information Security Standards, then you are leaving yourself – and your data subjects’ details – in a vulnerable position.
During a customer’s lifetime as an HRLocker client, HRLocker will act responsibly as both a data controller and processor.
HRLocker will never delete the client’s data – until an account is terminated – and then all data is deleted permanently from the system. We only retain information such as customer account financials to meet our GDPR and data compliance responsibilities.
Therefore, it’s your responsibility to manage the data held within the system, and to remove it and manage it responsibly once you have extracted it.
HRLocker will not automatically make your data GDPR-compliant. Only you can do that by setting the appropriate policies. HRLocker does, however, give you all the tools to manage data responsibly and demonstrate your levels of accountability and our integrity as a supplier. All data is stored in the EU.