GDPR Compliant HR Software
Ensure your business keep employee records correctly
WHY DO SMES NEED GDPR COMPLIANT HR SOFTWARE?
GDPR is a legally onerous and potentially time-consuming responsibility for Business Owners, HR Managers, and effectively all Employers. GDPR-compliant HR Software is a major assistance to Business Owners, Managers and the HR Function, easing the impact of GDPR and giving the business the necessary peace of mind.
The General Data Protection Regulation (GDPR) came into effect on 25th May 2018. Since then, there is one set of data protection rules for all companies operating within the EU. GDPR is designed to give people more control over their personal data, while also meaning there is a ‘level playing field’ for all businesses where data control and responsibilities are concerned.
But be warned: ‘level playing field’ is a euphemistic way of saying every employer and small business owner had better take the protection of employee data very seriously. That means securing and managing employee information and details. And being accountable if you don’t. Employee Data, documents – and anything that relates to their personal details and privacy – needs to be stored, secured and managed. Staff records need to be stored in one place, with automatic deletion of records when required, as well as verification of this deletion.
WHAT IS THE DOCUMENT MANAGEMENT PROBLEM SMES FACE?
“Where’s [Employee’s name here] employment contract?”
“How many sick leave days has [Employee’s name here] had this year?”
“Has [Employee’s name here] completed the new Health and Safety training?”
“Has [Manager’s name here] been told he’s in the Labour Court next month because we didn’t have the required statutory records in relation to [Employee’s name here]?”
Understanding and valuing the HR Function in the Organisation is one thing. Demonstrating this by having a functioning HR Documentation system is another. And if a Business doesn’t have its HR Documentation house in order, there will be problems. Guaranteed.
HR Duo’s service is like Software-as-a-Service. You don’t have to buy and own the software, or incur the cost of associated hardware to operate it. You just pay a cost-per-employee, and from there, we’ve got your back where HR matters are concerned.
HR Document Compliance
Employee files contain highly sensitive information; controlling access is critical. Further, the laws and regulations governing employee documents are extensive – and GDPR places particular emphasis on personal information of the type held by HR systems. It is critical that you have systems that help you manage compliance with GDPR, supporting retention schedules, providing easy reporting on missing or expiring documents, and protecting sensitive information with secure, role-based access.
HR Duo keeps one step ahead of compliance, so you can enjoy a good night’s sleep.
We make sure you are 100% compliant, have access to the latest legislation and information, and when required, can receive case-specific advice and support. It’s outsourced HR expertise and execution, supported by cutting-edge cloud technology.
As part of its service to clients, HR Duo does something else we feel is very important: we allow you to focus on what you do best in terms of managing and building your business.
Being small is not an excuse. Every SME needs a HR software system that records and provides employee reports, whether the details are salary, performance, sick leave, or holidays. As part of this, Employee-related electronic calendars are maintained, recording contract periods and dates, completion of probation and periodic performance reviews.
HR Duo’s clients can concentrate on what they do best because we create, populate and manage a comprehensive HR Document Management system on their behalf.
Compliance and all other aspects of HR Administration are professionalised – efficiently and cost-effectively.
Which means neither your Company nor [insert your Manager’s name here] have to look less than 100% competent and legally compliant where [insert your Employee’s name here]’s HR documentation is concerned. Or anyone else’s, for that matter.
WHAT ARE THE GDPR OBLIGATIONS ON EMPLOYERS IN RELATION TO HR DOCUMENTS?
- Ensure employees and HR teams see only documents they are allowed to see, based on document type or user role
- Keep track of all documents and take action if some are missing/altered
- Keep track of documents that expire (visas, certifications, Garda Vetting etc)
- Maintain an audit trail that tracks actions performed on a document, such as sharing, downloading, and deleting
- Securely share documents with authorised third-parties if appropriate
- Define retention schedules for each document type, managing global compliance with GDPR
- Actively manage the entire document lifecycle for employee files, from creation to deletion.
WHAT ARE THE MAIN RESPONSIBILITIES UNDER GDPR OF OWNER/MANAGERS IN RELATION TO EMPLOYEE DATA?
- To comply with the Data Protection Regulation when dealing with personal data of any kind.
- You and your staff must only access, change, erase, copy, or make use of any information (including personal data) if authorised to do so and if it is in keeping with allocated work duties.
- You must not pass on personal data about any individual where those details are known to you because of the person’s employment with the organisation, unless you have the prior consent of the individual.
- You must give a description of any data held about an employee on request and the purposes for which it is kept, within 21 days of the date of request.
WHAT ARE THE SPECIFIC REQUIREMENTS AROUND EMPLOYEE DATA RETENTION?
There are specific requirements to retain data for periods under different employment related legislation. GDPR compliant HR software should be capable of managing these periods and provide reports and alerts when the time frames are due to expire.
Employee data, like most data, should only be collected and held for specific and legitimate purposes and should be done in accordance with the GDPR/Data Collection and Retention Policy.
Legislation and regulations frequently inform an employer as to the required length of time that any data needs to be retained. The two tables following set out the required and the recommended data retention times.
Table 1 – Legal Data Retention Requirements
|Title of Legislation||Retention Period Specified|
|Terms of Employment (Information) Acts 1994 to 2012||Duration of employment and one year thereafter|
|Payment of Wages Act 1991||Six years unless Revenue states otherwise|
|National Minimum Wage Act 2000||Three years|
|Organisation of Working Time Act 1997||Three years from date of making record|
|Protection of Young Persons (Employment) Act 1996||Three years|
|Carer’s Leave Act 2001 – records||Eight years|
|Carer’s Leave – notice of leave||Three years|
|Parental Leave Acts 1998 and 2006||Eight years|
|Parental Leave||One year|
|Employment Permits Acts 2003 to 2012||Five years or duration of employment|
Table 2 – Recommended Data Retention Periods for other data
|Title of Legislation||Recommended Retention Period|
|Maternity Protection Acts 1994-2004||One year|
|Recruiting (shortlisting, interview notes etc.)||One year|
|Settlement Agreement and associated documentation||Seven years|
|Employment Equality Acts 1998-2015||One year|
|Unfair Dismissals Acts 1977-2015||One year|