<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=127469634355496&amp;ev=PageView&amp;noscript=1">
Let's Talk

Let's Talk

GDPR and Security: A Challenge or an Opportunity?
Blog Feature Subscribe
Alexandre Menguy, Global Security Manager

By: Alexandre Menguy, Global Security Manager on August 15th, 2017

Print/Save as PDF

GDPR and Security: A Challenge or an Opportunity?

Compliance and Security

Est. Read Time: 3 min.

Cyber attacks have been making headlines in recent months, especially with the Wanna Cry and NotPetya attacks in May and June. And with the fast approaching deadline for GDPR compliance, set for May 25, 2018, the issue of data security is becoming more and more of a concern for organizations. What impact will this have on HR?


The GDPR: A New Era in Data Security

The GDPR (General Data Protection Regulation) introduces a new set of regulations for the protection of personal data and privacy, which will have a resounding impact on security measures. Because the new regulations will significantly change how privacy is managed, security must be managed in advance of GDPR going into effect.


The Impact on HR

From their start date to their last day on the job, employees generate a large amount of personal data that HR must collect, manage, and store - for instance, a simple Excel file containing contact information constitutes personal data that must be properly managed. New regulations under the GDPR will directly impact the requirements for how this information is managed.


Changes Under the GDPR

GDPR and Security- A Challenge or an Opportunity- (1).pngThe objective of the GDPR, which will go into effect in 2018 in Europe, is to give control back to citizens over their personal data through a single, unified set of privacy protection rules for the European Union.


On May 25, 2018, the GDPR will effectively replace the 1995 Directive (95/46/EC). The new regulation will apply to all countries in the same way. Any company with employees residing in the EU must comply with the GDPR, even if the company’s main offices are located elsewhere. Additionally, the GDPR’s requirements will apply to third-party vendors (or data subcontractors) who process employee data on behalf of a company with employees residing in the EU.

The 5 Main Principles of the GDPR
  1. Accountability: the burden of proof of compliance is placed on the company.
  2. Privacy by design: privacy regulations must be accounted for in the design of information systems, databases, and applications.
  3. Dedicated oversight: the appointment of a data protection officer (DPO) is required.
  4. Security by default: the default configuration settings in all software must be the most secure settings.
  5. Privacy impact assessment.

Data Security Issues in Articles 32 and 33

Safety objectives under Article 32 include:

  • Use of mechanisms like encryption and anonymization to reduce the exposure of private data
  • Confidentiality, integrity, and accessibility of systems and processing services
  • Access to personal data in the event of an incident
  • Testing, analysis, and evaluation

But Article 32 is not the only article that can affect security. Thus, Article 33 introduces a notification requirement in the event of a security event leading to the loss, disclosure or destruction of data. Even if this is not explicitly described in the regulation, notification implies being able to detect these potential security events, also known as Data Breach.

For HR, this translates into a heightened focus on:

  • Communication about general data protections
  • Security and entitlement management
  • Data retention policies
  • Global information for candidates and collaborators

How PeopleDoc Supports GDPR Compliance

A digital solution, such as PeopleDoc’s HR Service Delivery Platform, can help HR meet these needs and optimize compliance with the GDPR.

Security, privacy, integrity, accessibility, and notification requirements are integral to PeopleDoc services. We go beyond our customer’s expectations to proactively maintain the security of our cloud-based services and our internal processes:

  • Data encryption, both when data is at rest and in transit
  • Perimeter security and network segregation
  • Protection against attacks on services and applications
  • Platform redundancy
  • Multiple security testing strategies, including annual security audits, private searches for bugs, and continuous security tests
  • Organizational security, including IT security management system (WSIS) certified ISO/IEC 27001
  • Software development lifecycle, to ensure software security throughout its development
  • Internal awareness program for security risks, practices, and data privacy
  • Implementation of an HIDS intrusion detection system
  • Dedicated security team for platform monitoring

Learn More About Our Security Policies

Far from being a set of restrictive constraints, the GDPR is an opportunity for HR to optimize data management processes as well as enhance the employer brand for their company. While there is a business challenge to comply with these regulations, it’s also an opportunity for HR to engage with employees throughout the process.

Your Complete GDPR Checklist
  • Identify sensitive data
  • Write a charter of good practices
  • Define the role and responsibilities of the Data Protection Officer
  • Prepare for the possibility of a data breach
  • Create a catalogue of your employee data
  • Communicate internally and train your staff
Download our memo to learn more about the impact of the GDPR
Download our memo to learn more about the impact of the GDPR

You May Also Be Interested In:

Why HR should care about accessible technology

In honor of Global Accessibility Awareness Day we’re explaining what accessibility means and why businesses and their HR leaders should pay attention to it. As the world becomes increasingly digital, you’ll surely encounter the need to evaluate new workplace software or tools. For HR especially, considering whether new technology is accessible can make a world of difference for the employee experience. Here’s a brief overview of what you need to know about accessibility:  

Read More

How NCR stays on top of managing employee record retention guidelines

With 30,000 employees located across all 7 continents, Dana LaBarnes, Senior Director of Global HR Shared Services at NCR, has his work cut out for him. Consider how many different employee record retention guidelines his team must manage—and the fines associated with letting just one document slip through the cracks. It’s not a risk NCR (nor any company) can afford to take. To stay on top of the various document retention schedules for his geographically diverse employee population, Dana needed to find a digital solution. In this video, he explains how he made his decision:  

Read More

Be ready for the exit: The HR implications of Brexit

In 2016 the people of the United Kingdom voted to no longer be a part of the European Union. After Brexit, new legislation will come into effect. Even if conditions and the date of the exit are still under negotiation and preparation, and the details still unclear, we already know that it will be very impactful for all areas of life in the UK and the EU, including implications for international businesses and their HR departments.

Read More

What is the CCPA and what does HR need to know?

The California Consumer Privacy Act (CCPA), intended to protect the privacy of California residents, is having a ripple effect across the United States. Originally designed to give California consumers new rights, the definition of “consumer” in the Act is so broad that your workforce data may also be affected. If you're an employer who may be impacted by the CCPA, here are 5 actions you can consider before the new privacy law goes into effect on January 1, 2020.

Read More

About Alexandre Menguy, Global Security Manager

Alexandre Menguy is Global Security Manager at PeopleDoc. He manages PeopleDoc's information security management system and ensures the maintenance of the security certifications. He is a former senior cybersecurity advisor and auditor. Alexandre holds a Master's Degree in Engineering from Telecom Paristech an lives in Paris, France.