GDPR COMPLIANT HR SOFTWARE BY CIPHR

An organisation’s compliance with the GDPR is a shared responsibility among all departments. Each team (and individual) must ensure that personal data is handled in the correct way; for example, anyone can accidentally send a set of personal data to the wrong email recipient – and this would be considered to be a GDPR breach. HR professionals must ensure that employees’ personal data is collected, stored and processed in line with the GDPR’s requirements at every stage of the employee lifecycle, from hiring and onboarding through to exit and offboarding. But departments, including HR teams, also have wider responsibilities to ensure they are processing customer and employee data in a way that complies with the GDPR’s requirements. HR teams often support IT and information security teams by helping to create a data security-aware culture; this could be, for example, by ensuring that staff complete an annual information security eLearning training course.

No single software solution will guarantee that your organisation will comply with the GDPR. When it comes to GDPR compliant HR software, look for HR systems – such as Ciphr’s – that feature an array of tools and features to help your organisation collect, store and manage employees’ personal data in line with your data security policies and procedures (which should be in line with the GDPR’s requirements). Hallmarks of GDPR compliant HR software, such as Ciphr’s, may include:

• A data-retention dashboard, from which you can download data, request extensions to data-retention periods, anonymise records, and delete information when permissions expire
• The ability to anonymise leavers’ records rather than delete them
• The option to restrict access to sensitive information, based on users’ profiles
• Automatic reminders, so you can re-validate consent when needed
• The ability to define data-retention periods – for 30, 60, 90 days or longer – after which leavers’ records will be marked for anonymisation or deletion
• Policy distribution and acceptance functionality, so you can ensure your people have read and understood your data protection policy
• Self-service access for employees, so they can view and update personal information themselves
• Grant leavers or staff access to their data, helping you fulfil subject access requests (SARs)

To ensure your HR software is GDPR compliant, it must demonstrate adherence to the GDPR’s key principles and requirements: namely, that data protection is part of the intrinsic design of the software and your processes (how you use the software). There are many requirements for GDPR compliant HR software – we recommend speaking to a specialist to determine the compliance status of your HR software.

Any software your organisation uses to request/collect, access, store or manage personal data by any individual residing in the EU, or to any partner, supplier or third party inside the EU, must be GDPR compliant. Your HR software, recruitment software, learning management system, and payroll software, are no exceptions.