4 Steps HR Teams Can Take To Boost Employee Data Protection
By Jocelyn Brown
January 9 2020 - Employers in Europe face fines of up to 20 million euros - or 4% of their annual turnover - for breaching the data protection of their employees under the General Data Protection Regulation (GDPR). With such a large amount of cash at stake, it's crucial that HR departments do all they can to safeguard their employees' sensitive information and prevent it from falling into the wrong hands.
Go paperless
Businesses typically handle paper documents such as CVs, letters confirming salaries or annual bonuses, annual appraisals, and records used to monitor training. However, paper records are responsible for 40% of all data breaches, according to Kelly's Storage, so it's wise for HR teams to implement a paper-free environment where possible. This can be done by giving printing rights only to the administrator - ideally the HR manager - so that other staff members cannot print out documents. HR should have their own personal printer in their office too, which can prevent sensitive data that does have to be printed from being picked up by someone else in the organization.
Strengthen passwords
All files and documents that contain sensitive information on an employee should be password protected. But to reduce the risk of passwords being hacked, steps should be taken, including avoiding easy-to-guess passwords, such as the employee's name or a string of numbers like 1-2-3-4-5. A unique password should be used for every single document and file too, even when the documents concern the same worker. If there are concerns about how an HR team will remember all the various passwords, it's worth considering a business password manager to aid access for all.
Disposal of records
As a general rule, employee records should be disposed of 6 years after the employee ceases working for an organization. HR departments must, therefore, regularly complete an audit of their documents and ensure that they safely dispose of old data at the appropriate time. Safe methods include physically destroying paper copies via shredding or burning, whereas electronic files should be overwritten or deleted. Bear in mind, though, that simply deleting files from the main folder and Recycle Bin of a computer will not remove them from the hard drive. Instead, a special program designed to destroy temporary files must also be used.
Better training
Research shows that just 20% of businesses believe they are fully GDPR compliant, while 80% say they know very little about the regulation. HR professionals must take it upon themselves to fully educate themselves and arrange for full training to be given to all senior members of staff who come into contact with employee data, to ensure that breaches don't occur. Training courses can be found online, or experts in the field can be called into the place of work for a more hands-on training experience.
Employee data protection is an essential aspect of all businesses that HR departments must actively work to secure. Thankfully, by implementing various methods, tools, and techniques, the risk of sensitive employee data being breached will reduce.
Copyright © 1997-2024 Alan Price and HRM Guide contributors. All rights reserved.