Products
Back
HR Service Delivery
Employee Experience
Employee Case Management
Back
Process Automation
Advanced Analytics
Employee File Management
Back
Advanced Document Generation
Advanced Analytics
Employee Surveys

See how HR Service Delivery completes your tech stack

Get the Fosway Group Report
Solutions
Back
Ensure HR Business Continuity
Power HR Shared Services
Accelerate Employee Onboarding
HR’s Role in Mergers and Acquisitions
Navigate Global HR Compliance

Take Care of Your Employees and Minimize Business Disruptions

Download the Business Continuity Overview
Services
Back
Implementation
Learning I/O
Standard Care
Customer Success Services
HR Compliance Assist

See How PeopleDoc Customers Remain in Compliance Globally

Learn More About HR Compliance Assist
Customers
Partners
Resources
Back
Blog
Resource Center

Ready to switch from paper to digital employee files?

Get the guide
Support
Contact
Careers
Language
Back
Deutsch
Nederlands
English / US
English / UK
Español
Français

Envision PeopleDoc for Your Team

Try it now
GDPR and Security: A Challenge or an Opportunity?
Blog Feature Subscribe
Alexandre Menguy, Global Security Manager

By: Alexandre Menguy, Global Security Manager on August 15th, 2017

Print/Save as PDF

GDPR and Security: A Challenge or an Opportunity?

Compliance and Security

Est. Read Time: 3 min.

Cyber attacks have been making headlines in recent months, especially with the Wanna Cry and NotPetya attacks in May and June. And with the fast approaching deadline for GDPR compliance, set for May 25, 2018, the issue of data security is becoming more and more of a concern for organizations. What impact will this have on HR?


The GDPR: A New Era in Data Security

The GDPR (General Data Protection Regulation) introduces a new set of regulations for the protection of personal data and privacy, which will have a resounding impact on security measures. Because the new regulations will significantly change how privacy is managed, security must be managed in advance of GDPR going into effect.


The Impact on HR

From their start date to their last day on the job, employees generate a large amount of personal data that HR must collect, manage, and store - for instance, a simple Excel file containing contact information constitutes personal data that must be properly managed. New regulations under the GDPR will directly impact the requirements for how this information is managed.


Changes Under the GDPR

GDPR and Security- A Challenge or an Opportunity- (1).pngThe objective of the GDPR, which will go into effect in 2018 in Europe, is to give control back to citizens over their personal data through a single, unified set of privacy protection rules for the European Union.


On May 25, 2018, the GDPR will effectively replace the 1995 Directive (95/46/EC). The new regulation will apply to all countries in the same way. Any company with employees residing in the EU must comply with the GDPR, even if the company’s main offices are located elsewhere. Additionally, the GDPR’s requirements will apply to third-party vendors (or data subcontractors) who process employee data on behalf of a company with employees residing in the EU.

The 5 Main Principles of the GDPR
  1. Accountability: the burden of proof of compliance is placed on the company.
  2. Privacy by design: privacy regulations must be accounted for in the design of information systems, databases, and applications.
  3. Dedicated oversight: the appointment of a data protection officer (DPO) is required.
  4. Security by default: the default configuration settings in all software must be the most secure settings.
  5. Privacy impact assessment.

Data Security Issues in Articles 32 and 33

Safety objectives under Article 32 include:

  • Use of mechanisms like encryption and anonymization to reduce the exposure of private data
  • Confidentiality, integrity, and accessibility of systems and processing services
  • Access to personal data in the event of an incident
  • Testing, analysis, and evaluation

But Article 32 is not the only article that can affect security. Thus, Article 33 introduces a notification requirement in the event of a security event leading to the loss, disclosure or destruction of data. Even if this is not explicitly described in the regulation, notification implies being able to detect these potential security events, also known as Data Breach.

For HR, this translates into a heightened focus on:

  • Communication about general data protections
  • Security and entitlement management
  • Data retention policies
  • Global information for candidates and collaborators

How PeopleDoc Supports GDPR Compliance

A digital solution, such as PeopleDoc’s HR Service Delivery Platform, can help HR meet these needs and optimize compliance with the GDPR.

Security, privacy, integrity, accessibility, and notification requirements are integral to PeopleDoc services. We go beyond our customer’s expectations to proactively maintain the security of our cloud-based services and our internal processes:

  • Data encryption, both when data is at rest and in transit
  • Perimeter security and network segregation
  • Protection against attacks on services and applications
  • Platform redundancy
  • Multiple security testing strategies, including annual security audits, private searches for bugs, and continuous security tests
  • Organizational security, including IT security management system (WSIS) certified ISO/IEC 27001
  • Software development lifecycle, to ensure software security throughout its development
  • Internal awareness program for security risks, practices, and data privacy
  • Implementation of an HIDS intrusion detection system
  • Dedicated security team for platform monitoring

Learn More About Our Security Policies

Far from being a set of restrictive constraints, the GDPR is an opportunity for HR to optimize data management processes as well as enhance the employer brand for their company. While there is a business challenge to comply with these regulations, it’s also an opportunity for HR to engage with employees throughout the process.

Your Complete GDPR Checklist
  • Identify sensitive data
  • Write a charter of good practices
  • Define the role and responsibilities of the Data Protection Officer
  • Prepare for the possibility of a data breach
  • Create a catalogue of your employee data
  • Communicate internally and train your staff
Download our memo to learn more about the impact of the GDPR
Download our memo to learn more about the impact of the GDPR

You May Also Be Interested In:

Data Protection While Working from Home: Tips for a Remote Work Policy

If your office-based employees recently transitioned to working from home, now may be the perfect time to take a second look at the security tips included in your remote work policy. Not sure where to start? Sharing these best practices with your employees can help to make sure everyone is following the same standards, no matter where they work. Consider adding the three suggestions below to your policy (be sure to talk it over with your security team, first). 

Read More

3 ways HR can increase employee data privacy awareness

Last week, organizations around the world celebrated Data Privacy Day, an annual event with the goal of increasing data protection awareness. But, what can HR do to increase awareness after Data Privacy Day is over? After all, protecting personal employee data isn’t just a one-day project. Here are three things HR teams can do now to put privacy first every day:

Read More

Why HR should care about accessible technology

In honor of Global Accessibility Awareness Day we’re explaining what accessibility means and why businesses and their HR leaders should pay attention to it. As the world becomes increasingly digital, you’ll surely encounter the need to evaluate new workplace software or tools. For HR especially, considering whether new technology is accessible can make a world of difference for the employee experience. Here’s a brief overview of what you need to know about accessibility:  

Read More

About Alexandre Menguy, Global Security Manager

Alexandre Menguy is Global Security Manager at PeopleDoc. He manages PeopleDoc's information security management system and ensures the maintenance of the security certifications. He is a former senior cybersecurity advisor and auditor. Alexandre holds a Master's Degree in Engineering from Telecom Paristech an lives in Paris, France.