January 9, 2020
Employers in Europe face fines of up to 20 million euros, or 4% of their annual worldwide turnover, whichever is higher, for breaching the data protection of their employees under the General Data Protection Regulation (GDPR). With that much money at stake, and with affected employees also able to claim compensation, it is crucial that HR departments do all they can to safeguard their employees' sensitive information and keep it from falling into the wrong hands.
HR departments typically hold paper documents such as CVs, letters confirming salaries or annual bonuses, annual appraisal forms, and training records. Paper records account for 40% of all data breaches, according to Kelly's Storage, so it is wise for HR teams to go paper-free wherever possible. One way to enforce this is to remove printing rights from general staff and grant them only to an administrator, ideally the HR manager. HR should also have its own printer in its office, so that sensitive documents that do have to be printed are never left in a shared output tray where anyone else in the organization could pick them up.
All files and documents containing sensitive information about an employee should be password protected. Password protection only helps if the password is hard to guess and the file format actually encrypts the contents: avoid the employee's name or a simple sequence such as 1-2-3-4-5, and save in a modern format (for example .docx or .xlsx produced by Office 2007 or later, which encrypt with AES) rather than a legacy binary format, whose weak encryption is cracked quickly with freely available tools. A unique password should be used for every document and file, even when the documents concern the same worker, so that one leaked password exposes only one record. If there are concerns about how an HR team will keep track of all these passwords, a business password manager is worth considering; it also lets a password be passed to an authorised recipient through a channel separate from the file itself, rather than in the same email.
Disposal of records
As a general rule, employee records should be disposed of 6 years after the employee stops working for the organization. HR departments must therefore audit their documents regularly and dispose of old data safely at the right time. Safe methods for paper copies are physical destruction by shredding or burning; electronic files should be securely overwritten and then deleted. Bear in mind that simply deleting a file from its folder and then emptying the Recycle Bin only removes the directory entry: the contents stay on the disk until they happen to be overwritten, and can be recovered with ordinary forensic tools. A secure-deletion tool that overwrites the file's contents before removing it must be used instead. On solid-state drives even that is not reliable, because wear levelling can leave copies of old data in cells the tool cannot reach, so the practical approach there is full-disk encryption from the outset, with the key destroyed (or the drive's built-in secure erase run) when the device is retired.
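The retention audit and the overwrite-then-delete step described above, combined into one script. This is an added example, not code from the original article. It assumes a constructed CSV index (SAMPLE_INDEX, with made-up file names and employee ids) that records when each employee left; the 6-year rule is the one stated in the text, and the caveat about SSDs and copy-on-write filesystems applies to the overwrite step.

```python
"""Retention audit plus overwrite-then-delete for a folder of HR records.

Added example, not from the original article.  SAMPLE_INDEX is a constructed
CSV index mapping each record file to the employee's leaving date.
"""
import csv
import io
import os
import secrets
import tempfile
from datetime import date

RETENTION_YEARS = 6  # the 6-year rule stated in the article

# Constructed sample index.  An empty left_on means the employee is still
# employed, so the record is retained regardless of its age.
SAMPLE_INDEX = """file,employee_id,left_on
appraisal_2012.docx,E1001,2013-03-31
salary_letter_2015.pdf,E1002,2015-06-30
cv_E1003.pdf,E1003,
"""


def parse_index(text):
    """Parse the CSV index into dicts; left_on becomes a date or None."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        left = row["left_on"].strip()
        rows.append({"file": row["file"], "employee_id": row["employee_id"],
                     "left_on": date.fromisoformat(left) if left else None})
    return rows


def disposal_due(left_on, today, years=RETENTION_YEARS):
    """True once `years` full years have passed since the leaving date."""
    if left_on is None:
        return False
    try:
        cutoff = left_on.replace(year=left_on.year + years)
    except ValueError:  # left on 29 February, target year has no leap day
        cutoff = left_on.replace(year=left_on.year + years, day=28)
    return today >= cutoff


def files_due_for_disposal(index_text, today):
    """Names of record files whose retention period has expired.

    `today` may be a date or an ISO string such as "2020-01-09".
    """
    if isinstance(today, str):
        today = date.fromisoformat(today)
    return [r["file"] for r in parse_index(index_text)
            if disposal_due(r["left_on"], today)]


def secure_delete(path, passes=1):
    """Overwrite the file with random bytes, fsync, then unlink it.

    Caveat: only meaningful on magnetic disks with a filesystem that rewrites
    in place.  On SSDs and copy-on-write or journaling filesystems old copies
    can survive out of reach; rely on full-disk encryption plus key
    destruction there.  Returns the number of bytes overwritten.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                chunk = min(remaining, 1 << 20)
                f.write(secrets.token_bytes(chunk))
                remaining -= chunk
            f.flush()
            os.fsync(f.fileno())
    os.remove(path)
    return size


def run_disposal(records_dir, index_text, today):
    """Audit the index and securely delete every record that is due.

    Returns the names of the files that were overwritten and removed.
    """
    disposed = []
    for name in files_due_for_disposal(index_text, today):
        path = os.path.join(records_dir, name)
        if os.path.isfile(path):
            secure_delete(path)
            disposed.append(name)
    return disposed


def demo(today=date(2020, 1, 9)):
    """Create the sample files in a temp folder and run the audit on them."""
    with tempfile.TemporaryDirectory() as d:
        for r in parse_index(SAMPLE_INDEX):
            with open(os.path.join(d, r["file"]), "wb") as f:
                f.write(b"CONFIDENTIAL " + r["employee_id"].encode())
        disposed = run_disposal(d, SAMPLE_INDEX, today)
        remaining = sorted(os.listdir(d))
    return disposed, remaining


if __name__ == "__main__":
    print(demo())
```

Run as-is, the demo disposes of only the 2012 appraisal (its owner left in March 2013, so the 6 years ran out in March 2019) and keeps the record of the employee who left in 2015 and the CV of the current employee. In a real deployment the index would come from the HR system rather than an embedded string, and each disposal should be logged so the audit trail itself satisfies the accountability requirement.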
Research shows that just 20% of businesses believe they are fully GDPR compliant, while 80% say they know very little about the regulation. HR professionals must educate themselves fully about it and arrange training for all senior members of staff who come into contact with employee data, so that breaches are not made through ignorance. Training courses are available online, or experts in the field can be brought into the workplace for more hands-on training.
Protecting employee data is an essential part of running any business, and one that HR departments must actively work at. Thankfully, by implementing the methods, tools, and techniques above, the risk of sensitive employee data being breached is reduced.