Trust us, it's important
When we think about the general aim of the GDPR, safety and security of sensitive data is paramount. From a HR/Absence Management perspective, the data handled is often of a sensitive nature with employee sickness records, holiday details and important pieces of employee data such as payroll numbers often on show.
If organisations are still using paper and spreadsheet based Absence Management processes, then employee data is easily accessible and much harder to keep secure than say that based on a more modern cloud-based software.
Fill in the form opposite to watch our comprehensive GDPR for HR webinar, recorded on the 4th of May 2018. Alternatively, request a copy of our whitepaper on the subject here.
The GDPR asks organisations to allow people whose data they hold to be informed as to why they hold that data, as well as providing regular updates when data is amended or used.
e-days will be updating its privacy notice to provide all users with the relevant information on both how and for what reason their data is used within the system. Of course existing within our system currently is our notifications process, where employees and line managers are informed of requests, approvals, logging sickness and the return to work process.
The GDPR stipulates that data subjects have the right to receive all personal data that is stored about them in a commonly used, machine-readable format.
To help with this, a new “My data” page will allow all e-days users to view and download all of the data that e-days holds about them without the need for hunting around filing cabinets or searching unprotected shared spreadsheets. This functionality should significantly reduce the administration burden attached to this process.
The GDPR asks organisations to allow people the right to object to or rectify a change to their data or something that has involved the use of their data in any way.
e-days will provide a request form within the application to allow users to easily request changes to or comment upon their data.
Each request for change will also be logged, allowing system administrators to keep track of requests and ensure they are responded to within the correct time frame. Maintaining as already stated, a clear and easily accessible trace of data.
The GDPR requires organisations to allow people the right to be forgotten, a really important process for HR given staff turnover and people leaving an organisation. The right to be forgotten allows an
individual whose data you hold the right to have all of this data permanently erased.
e-days will be providing a “hard delete” function against each user, this will allow user data to be permanently and irreversibly removed from our servers.
It may sound simple but the right to be forgotten is one of the key components of the GDPR and having a simple option for users to erase their data at their own request will help HR departments comply with the new ruling.
If you’re currently using a paper and spreadsheet based Absence Management system, with requests and other important information stored in files, take a second to think about everyone who has easy
access to that data.
Shared spreadsheets open the risk of people making amendments without the authority to do so, and the use of paper requests increase the risk of sensitive data being lost.
Can you comfortably say your current processes leave you compliant come May 25th?