What is data protection and why is it important for HR managers?
HR departments are at the sharp end when it comes to safeguarding data. They not only hold large volumes of personal and professional information along with sensitive details of an organisation's employees, but also candidates for jobs (who hand over a lot of personal data during the recruitment process). This puts them in an incredibly vulnerable position.
Research from America reveals that 79 per cent of adults are concerned about how their data is being used by companies. So, let's look at data protection and the best tools for HR departments to manage and keep data secure.
Data protection laws are there to protect people from the misuse of information about them. In the UK, the Data Protection Act 2018 (DPA) governs data protection (it mirrors GDPR). Data controllers, usually employers, have to comply with certain principles. Those whose data is held or processed - data subjects, consisting of current and former employees - have rights. The Information Commissioner's Office (ICO) has a useful guide on the DPA for organisations but, briefly, organisations must be able to show:
- Consent - be able to show that employees and job candidates were informed how their personal data would be used and why.
- Lawful processing of personal information
- They have a DPO (data protection officer)
- Job references - data subjects can ask for a copy of their reference (unless there's a relevant exemption).
- Email/internet - have a comprehensive internet, social media and communications policy that covers data use.
- Accountability - show data protection compliance by training, auditing, documenting and reviewing HR policies.
- Third party compliancy (sharing data with third parties)
- SARs (subject access request) dealt with efficiently
- Data security
- Record keeping
Data privacy is all important but so is data security. The law also requires an organisation to have systems and security controls designed to protect data, prevent information leaks or other unauthorised use of data. With greater numbers of people working from home, many using their own devices, the risk has never been so high.
HRMS (human resources management systems) are software applications that manage human resource functions: such as payroll, recruitment, benefits, training, attendance and, crucially, data management. They also boast multi-layered security features and encryption to protect an organisation's data (and therefore an organisation's employees' data as well).
The security features can include:
- Secure transmission of digital data
- Automated data checks that analyse old data, checking whether it should be kept or not.
- Quick, efficient data deletion from the database
- Employees can login to view their personal data stored in their employer's database (and keep their information up-to-date while remaining in control).
- Different levels of access to data so there's no danger of unauthorised access to the personal information of employees or candidates.
- Running automated data checks to identify possible vulnerabilities that might lead to data breaches.
- Multi-factor authentication required (an extra step required after inputting a password).
- Automated alerts when training or certificates need renewing; also review employees training around compliance
The knowledge that a company has a digital HRMS not only builds trust amongst the workforce and potential members of staff but reinforces the importance of good data management by employees.
It's not just up to the organisation to keep data protected; it's everyone's responsibility within that organisation as well. One other advantage is that HRMS's centralise the data in order to better control it. This means that organisations not only get a more comprehensive view of their workforce, but it lowers compliance risks as well, not to mention making HR teams more productive.
At Worksmith we are specialists in innovative technology that frees up HR teams, allowing them to concentrate on more targeted, engaging or strategic tasks. Once we understand your technological needs, our experience, knowledge and expertise will enable us to advise you on the right path to finding the right technology solution for your business.
We have over 15 years' experience of supporting clients analyse their business processes, streamline their processes and help them on the journey of business transformation whilst incorporating a new technological solution.
Let us be your transformation mentors.