Just to let you know we have audited our data storage and processing policies, procedures and protocols against the requirements of GDPR and implemented new policies, procedures and protocols which are fully compliant with GDPR.
What is GDPR compliance?
These new regulations apply to all businesses that deal with data of EU citizens, and this will impact on employers who will need to store and process their employees’ personal, and sometimes sensitive, data. As an employer you will need to ensure that you comply with the new regulations and that when you store and process employee data you ensure that it is properly protected. If you want to know more about GDPR, read my blog from September last year. Click here to read my previous GDPR blog post.
What have we done to ensure that we are compliant?
- Where consent is required, we will not store or process any data until that consent is given. Where we store and process data on lawful grounds other than consent, we make it clear what those grounds are. Click here to view our data retention policy.
- If a breach occurs, we have protocols and procedures in place to notify the local data protection authority within 72 hours of the breach being discovered. See section 28 of our Data Protection Policy. Click here to view our data protection policy.
- Customers have the right to request their data be deleted and no longer shared with third parties who, in turn, must delete the data. See section 19 of our Data Protection Policy. Click here to view our data protection policy.
- Privacy and security are now built into all of our products and processes. Data should not be held for any longer than needed and only the minimum amount of information for the purpose required should be collected. See section 8 of our Data Retention Policy. Click here to view our data retention policy.
What have we done to help you ensure your employee data is compliant?
- Our HR software allows you to produce all information held on an employee as a PDF file which can be downloaded and transferred electronically or as a printed copy in response to a subject access request. If you need to redact a document, this can be done either using PDF editing software or manually on the hard copy.
- Our HR software automatically deletes all employee records after pre-set time periods, which are set in accordance with statutory requirements.
- Our Document Management System allows the employer to set deletion dates for all documents stored in line with your document retention policy.
- Our HR software is encrypted using SSL encryption, PHP Mcrypt, and 3DES.
- We will support our customers in developing anonymisation protocols when they require us to draft correspondence to their employees. Click here to see an explanation of anonymisation in our Encryption FAQs.
- We will support our customers in developing pseudonymisation techniques when they need to send us complex detailed information regarding an employee on whom we are advising. Click here to see an explanation of pseudonymisation in our Encryption FAQs.
- All documents sent via email or our help desk that contain personal or sensitive data will be encrypted using egress encryption. Click here to view our Encryption FAQs.
- We will not keep any of our customers’ employee personal or sensitive data for more than 4 weeks.
- We have redrafted the data processing clause on all our pro forma contracts of employment and changed the grounds from consent to other lawful grounds.
- We have drafted a letter for all of our customers to send to their employees explaining that they hold and process employee personal and sensitive data and the lawful grounds for storing and processing that data.
We have updated our complaints policy
We have also taken the opportunity to update our complaints procedures and processes. Please click here to see our new complaints policy and here to submit a complaint online.
If you want to know more about how People Based Solutions can help you effectively and lawfully manage your employee data, get in touch: you can e-mail us on firstname.lastname@example.org or call 01925 425957.