Why do SMEs need GDPR Compliant HR Software?
GDPR is a legally onerous and potentially time-consuming responsibility for Business Owners, HR Managers, and effectively all Employers. GDPR-compliant HR Software is a major help to Business Owners, Managers and the HR Function, easing the impact of GDPR and giving the business the necessary peace of mind.
The General Data Protection Regulation (GDPR) came into effect on 25th May 2018. Since then, there has been one set of data protection rules for all companies operating within the EU. GDPR is designed to give people more control over their personal data, while also creating a ‘level playing field’ for all businesses where data control and responsibilities are concerned.
But be warned: ‘level playing field’ is a euphemistic way of saying every employer and small business owner had better take the protection of employee data very seriously. That means securing and managing employee information and details, and being accountable if you don’t. Employee data, documents, and anything else that relates to employees’ personal details and privacy need to be stored, secured and managed. Staff records need to be stored in one place, with automatic deletion of records when required, as well as verification of this deletion.
What does GDPR Compliant HR Software do for the owners of SMEs?
- All Employee data and documents are stored in a GDPR-compliant fashion
- There is complete version control for all key documents
- Records can be deleted automatically when required, with verification of deletion
- A clear audit trail of staff information is maintained and can be called up when needed
- The recording, organisation and management of all staff records is in one place and is secure
- Business owners and HR Managers can focus on their key objectives in the knowledge that they are legal and compliant, and have spent as little time as possible achieving this
What rights do Employees have under GDPR legislation?
Under GDPR, Employees have a number of rights with regard to their personal data.
- The right to request access to, and rectification or erasure of, their personal data
- The right to restrict processing
- The right to object to processing
- In certain circumstances, the right to data portability
An employee should have provided consent for the processing of their data in their Employment Contract.
What are the main responsibilities under GDPR of owner/managers in relation to employee data?
- To comply with the Data Protection Regulation when dealing with personal data of any kind.
- You and your staff must only access, change, erase, copy, or make use of any information (including personal data) if authorised to do so and if it is in keeping with allocated work duties.
- You must not pass on personal data about any individual where those details are known to you because of the person’s employment with the organisation, unless you have the prior consent of the individual.
- You must give a description of any data held about an employee on request and the purposes for which it is kept, within 21 days of the date of request.
Are there specific requirements around Employee Data Retention?
Different pieces of employment-related legislation require data to be retained for specific periods. GDPR-compliant software should be capable of managing these periods and providing reports and alerts when the time frames are due to expire.
Employee data, like most data, should only be collected and held for specific and legitimate purposes, and this should be done in accordance with the GDPR/Data Collection and Retention Policy.
Legislation and regulations frequently inform an employer as to the required length of time that any data needs to be retained. The two tables below set out the required and the recommended data retention times.
Table 1 – Legal Data Retention Requirements
| Title of Legislation | Retention Period Specified |
|---|---|
| Terms of Employment (Information) Acts 1994 to 2012 | Duration of employment and one year thereafter |
| Payment of Wages Act 1991 | Six years unless Revenue states otherwise |
| National Minimum Wage Act 2000 | Three years |
| Organisation of Working Time Act 1997 | Three years from date of making record |
| Protection of Young Persons (Employment) Act 1996 | Three years |
| Carer’s Leave Act 2001 – records | Eight years |
| Carer’s Leave – notice of leave | Three years |
| Parental Leave Acts 1998 and 2006 | Eight years |
| Parental Leave | One year |
| Employment Permits Acts 2003 to 2012 | Five years or duration of employment |
Table 2 – Recommended Data Retention Periods for other data
| Legislation or Record Type | Recommended Retention Period |
|---|---|
| Maternity Protection Acts 1994-2004 | One year |
| Recruiting (shortlisting, interview notes etc.) | One year |
| Settlement Agreement and associated documentation | Seven years |
| Employment Equality Acts 1998-2015 | One year |
| Unfair Dismissals Acts 1977-2015 | One year |