Keeping an HR system safe is crucial, but how safe can they be? The honest answer to this question is that it will depend on the system you choose to use. Each system is different and has its own security settings and features to maximise security and prevent a data breach in the event of an attempted hacking.
What is the law?
Data security and GDPR in HR are vital to ensuring that the personal information of your employees is kept confidential and secure. The General Data Protection Regulation (GDPR) is a set of provisions that in 2018 were incorporated into the Data Protection Act. In an HR context, GDPR relates to how businesses collect, store and use employee data. The regulations set out seven key principles which are at the heart of data protection and act as the basis for best practice in correctly handling employee data. Adhering to these principles is vital in terms of GDPR in HR. The seven principles are as follows:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
Full definitions of these principles can be found on the Information Commissioner’s Office (ICO) website.
Data security and GDPR in HR systems
Although they are all relevant, three of these principles clearly relate to GDPR in HR systems. They are Accuracy, Storage limitation and of course Integrity and confidentiality (security), with the latter being the principle that most people think of first. When considering GDPR in HR and HR systems, the aim for any business and their system provider is always to maximise security, and by making this a priority they are then doing their utmost to comply with the key principles of GDPR.
If you use an HR system, one of the things it will do is reduce, if not totally eliminate, the need for hard-copy paper records. That instantly increases data security and reduces the risk of a potentially damaging data breach. You no longer have documents left lying around in open view on desks, or stored in filing cabinets that someone always forgets to lock at the end of the day (which is a massive risk to maintaining effective GDPR in HR!). Documents, forms and employee data are all stored electronically, and this provides a much more robust approach to data integrity and confidentiality.
Getting GDPR in HR wrong
If GDPR is not managed effectively or appropriately, then the consequences can be wide-ranging. If staff believe that their data is not being collected, used or stored correctly, this may result in grievances and a loss of trust in the employer. In such instances, staff can make a report to the ICO, and this could result in investigations which can be stressful and time-consuming for all concerned.
Data breaches can also occur for a variety of reasons, often simple human error, and the ICO has strict guidance for dealing with and reporting breaches which must be followed. If a business is found to have breached GDPR then this could result in reputational damage and the fines can also be significant.
For example, supermarket chain Morrisons was previously the victim of a huge data breach when an employee accessed and then leaked details of nearly 100,000 staff on the internet. This incident resulted in reputational damage for the company, a spend of over £2m to rectify the breach, and an 8 year jail sentence for the perpetrator.
H&M were fined approximately £30.4 million in 2020 for unlawfully collecting and storing information about employees’ families, religions and medical history. Whilst H&M is an extreme example, there are set penalty levels. Infringements deemed to be less severe can lead to a fine of up to €10 million, or 2% of the firm’s worldwide annual revenue from the preceding financial year, whichever amount is higher. More serious infringements could result in a fine of up to €20 million, or 4% of the firm’s worldwide annual revenue from the preceding financial year, whichever amount is higher.
How secure is HRX?
First off, HRX is accessed using two-factor authentication, which provides an added layer of protection. In HRX, there are different levels of access, so users can only see what they absolutely need to. Our super savvy HRXperts understand that protecting the data of you and your employees is hugely important, and we take our responsibility to look after this data seriously. That’s why HRX was built with security at the forefront of our minds.
We don’t want to confuse you with tech speak, but HRX stores data in an encrypted format using Transport Layer Security, which means that in the event of the system being hacked, all of the data is encrypted and illegible, which renders it useless to the hacker. In addition, HRX is hosted in an Amazon Web Services (AWS) estate with a firewall, and we run regular external penetration tests (where someone tries to hack it) to ensure that your data stays safe. In the unlikely event that you trial or use HRX and decide that it’s not for you, we’ll keep your data for 30 days in case you change your mind. Once those 30 days are up, we then securely destroy your data.
Try HRX for yourself
All in all, we’ve made our HR software as secure as we can. HRX adheres to strict GDPR guidelines so that you have peace of mind when it comes to trusting us with the sensitive personal data of you and your team. You can try out our software yourself for free by simply signing up for a free trial.