One of the most time-consuming requirements for HR teams is ensuring that personal data is kept for no longer than is necessary.
“Over an employee’s lifecycle, employers collect and store hundreds if not thousands of pieces of data relating to individual employees; they just wouldn’t be able to operate smoothly otherwise,” explains John Hixon, R&D Director of Cezanne HR.
“However, under GDPR, companies can’t just hang on to that forever – nor can they simply delete everything after x number of years. Some data needs to be retained to enable compliance with other legislation, such as health and safety; some the company may want to hold on to on the basis of legitimate purposes, for example to enable them to track historic headcount.”
Cezanne HR’s new tool, provided for free with the company’s Cloud HR system, reduces the administrative burden on HR teams by allowing them to set up rules that automatically anonymise or delete data (and documents) according to their own specific requirements.
With a potential Brexit also threatening to further increase complexity and time demands (64% of the HR practitioners polled feel the burden imposed on them will grow bigger if the UK exits the EU), the new tool is just one of a number of features that Cezanne HR provides to assist its customers with GDPR compliance.
“Our aim is to give HR teams a tool that puts them in control, allows them to set up and maintain multiple policies for different parts of their organisation, and saves them huge amounts of time and unnecessary anxiety,” concludes John.
HR & GDPR: key information
As gatekeepers and processors of employee data, HR leaders and teams have the biggest role to play in ensuring the safe, secure and compliant processing of personal data. The data protection principles in the GDPR set out the key responsibilities for organisations. Article 5 of the GDPR requires that personal data shall be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals;
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Accurate and, where necessary, kept up to date;
- Kept in a form which permits identification of data subjects for no longer than is necessary; and
- Processed using appropriate technical or organisational measures in a manner that ensures appropriate security of the personal data.
For more information, visit the website of the Information Commissioner’s Office (ICO).