A date with HR data laws
Are you responsible for the HR administration in your business? You’ve got a lot riding on your shoulders. Keeping track of it all and ensuring its usable is a big challenge and it only gets bigger the more your business grows believe us! But forget how you use the data you hold for a minute, this blog is all about what we hope will be your number one priority when handling employee information; data security. It’s something easily forgotten in smaller businesses, but your responsibilities are the same whether you have 1 employee to 1000, and your task to keep it safe goes further than a bi-yearly session with the shredder.
Everyone responsible for managing employee data in your business must closely adhere to the Data Protection Acts of 1988 & 2003*. These acts are made up of 8 principles which when acted upon serve to keep you, your business and your staff safe from data misuse. It’s not the most exciting or glamorous of topics you’ll find us writing about, but its importance can’t be underestimated. Employers have landed themselves in hot water before now by failing to manage their information properly.
To put it all into perspective, aside from the standard information you’ll have consider right now what information you hold about your staff and other employees that have since moved on from the business. What do you do when a Subject Access Request (SARS) arrives? This may be from a customer or a disgruntled employee on a fishing trip. Currently you have 40 days to provide the information; usually requiring an awful lot of work sifting through emails, CRM systems, payroll, employee or customer files as well as any hard copies. You could have their personal passwords, their personal emails, recorded phone conversations, maybe even certain medical information. All of this is subject to the Data Protection Act and so needs to be held securely, or wiped if not needed. Employees have a legal right to request from you the information that you hold about them so make sure what you do have is justifiable and in-line with the Act.
Hopefully understanding the importance of this will make you think about how you could improve data security in your own business. Building in good processes that cover the Act from the group-up is a good place to start. And to keep your data secure why not move it on to a secure server like the one we use for our HR Toolkit platform? Choose the right one, it will keep your data safe through encryption and password protection as well as make your paper files redundant. No more trips to the shredder then!
This all plays a considerable part of being a responsible employer so make sure data security is something you’re aware about and engaging with. If you’re not sure quite where to start, The HR Dept can help.
*Take a look at the Data Protection Act to make sure you know your rights