Crystel Robbins Rynne, COO of HR software solutions provider HRLocker, provides actionable insights for better employee data management.
Since the introduction of GDPR, data protection has been a constant topic of conversation. But after a spate of high-profile breaches, it seems businesses still have a long way to go when it comes to compliance.
Further complicating matters, distributed teams have become the norm. With employees working from various locations, information must be accessible beyond the office on multiple devices. HR teams are particularly impacted. They need to access and amend employee data every day.
However, our recent research found a startling gap between HR professionals’ confidence in GDPR compliance and actual adherence. While an impressive 90% of Irish HR professionals report confidence in their GDPR compliance, an alarming 76% say they had breached the regulation within the past 12 months. Our findings suggest that businesses still have a way to go in managing employee information in line with governance and compliance demands.
Why it all comes down to secure data storage
The right data management approach can build trust, which breeds better performance.
Research shows that people are open to sharing personal data when they believe in the reason behind it – but many are concerned about how this information is protected and stored. Deloitte found that trusted businesses outperform their peers by 400%. Considering trust in employers is at an all-time low, HR leaders would do well to demonstrate that their data management approach is fair and secure.
Failing to secure employee data has disastrous outcomes. It tells employees that you can’t keep their information safe and damages their trust in you. It also leaves the business open to insider leaks and fraud. As cyberattacks become more sophisticated, a password-protected spreadsheet doesn’t go far enough. And if the information inside it isn’t accurate or up to date, the spreadsheet could put you in breach of GDPR.
Countless companies have received hefty fines for failing to comply with the rules. British Airways received a £20m fine for failing to put robust security protections in place after hackers accessed 400,000 customers’ data. More recently, Google was accused of hoarding applicant information when a whistleblower found the personal details of UK and EU applicants dating back to 2011 on Google’s recruitment system gHire.
Secure data storage can shield you from these negative consequences and save HR departments time. Choosing a cloud-based system with automation features means you’ll have less manual admin to contend with – which reduces the chances of human error during data inputting. Moreover, a centralised space to store this information helps with data retrieval because you won’t need to spend hours hunting down a single pay slip or P45.
Employee data: Do’s and Don’ts
Smart HR data management platforms are secure and free up time for HR teams to focus on strategic work. But the right tech needs to be supported by the right practices. Here’s a selection of employee data do’s and don’ts to ensure data security and compliance.
Do: Revisit your data collection policies
Data management isn’t a one-and-done tick-box exercise. Sensitive employee data changes quickly and often: think changes of address, bank account switches and updated next-of-kin details. Set a periodic review to ensure your data collection policy aligns with your business activities and the lives of your employees.
Don’t: Collect more than you can manage
It’s mandatory to store certain types of data – employment records like hours, deductions, and contributions. But if you’re collecting non-essential data you aren’t using or can’t justify using, you could breach GDPR rules. Gartner recommends creating an HR data compliance checklist to ensure your data collection practices are grounded in your culture and company ethics.
Do: Be transparent with employees about data collection
Employees are more willing to share personal data than you might think. But they expect to be fully informed about how their information will be stored and used. Make sure you communicate this honestly and transparently. Better still – give employees autonomy over their data through connected apps or portals where they can share information or update old details.
Don’t: Use too many platforms
Ensuring records are accurate and up-to-date is easier when using only one system. Storing employee information in various locations becomes costly when implementing specific security protocols, processes, and software for each individual storage space. One cloud-based system will do the trick.
Do: Embrace cloud storage
Cloud storage enables companies to operate with the same knowledge base wherever they are. Cloud data management systems centralise information so you don’t waste time struggling to locate it. What’s more, advanced analytics capabilities mean you can gain valuable insights from the data you’re collecting.
Don’t: Keep the data longer than you should
Holding onto legacy data exposes you to the risk of a GDPR breach and undermines your data security practices. Remember: the more you have, the more you need to protect. Remind yourself of the specific data retention periods for HR records, and update your colleagues.
Do: Destroy data securely
Information can still live on your devices even after moving files to the recycle bin. You must ensure your organisation regularly deletes data from any backups or background storage locations. Paper files should be shredded (and, ideally, recycled). For more information, you can read our free guide, Data Retention Guidelines.
In the right hands, HR data can do wonderful things. Leaders can garner insights and leverage findings to increase engagement, improve culture, and boost retention. Setting up and adhering to robust data management policies and practices means the people doing good with data can go about it uninterrupted without risking compliance, and bad actors are locked out.