Products
Back
HR Service Delivery
Employee Experience
Employee Case Management
Back
Process Automation
Advanced Analytics
Employee File Management
Back
Advanced Document Generation
Advanced Analytics
Employee Surveys

See how HR Service Delivery completes your tech stack

Get the Fosway Group Report
Solutions
Back
Ensure HR Business Continuity
Power HR Shared Services
Accelerate Employee Onboarding
HR’s Role in Mergers and Acquisitions
Navigate Global HR Compliance

Take Care of Your Employees and Minimize Business Disruptions

Download the Business Continuity Overview
Services
Back
Implementation
Learning I/O
Standard Care
Customer Success Services
HR Compliance Assist

See How PeopleDoc Customers Remain in Compliance Globally

Learn More About HR Compliance Assist
Customers
Partners
Resources
Back
Blog
Resource Center

Ready to switch from paper to digital employee files?

Get the guide
Support
Contact
Careers
Language
Back
Deutsch
Nederlands
English / US
English / UK
Español
Français

Envision PeopleDoc for Your Team

Try it now

HR Service Delivery & GDPR

General Data Protection Regulation

 

Last Updated: July 2021

Page en français disponible ici.

Blog Image Security Shield

What is the General Data Protection Regulation? 

The General Data Protection Regulation (GDPR) is a new set of rules designed to improve data privacy and create consistent privacy laws across the European Union. Effective May 25, 2018, the GDPR was created to replace the 1995 EU Directive as well as fragmented national data privacy laws. The Regulation makes companies and subcontractors more responsible for protecting individuals’ personal data.

 

Data Protection Commitments

As a French-born company, PeopleDoc is fully committed to GDPR compliance across PeopleDoc services. We have updated our data protection policies and practices and we are also committed to helping our customers with their GDPR compliance journey by providing robust privacy and security protections built into our services and contracts.

 

Download the GDPR Compliance Workbook for HR

 

Data Processing Agreements

PeopleDoc is considered a Data Processor and shall help and cooperate with Data Controllers (Customers) in their obligations regarding data protection laws and regulations. The only exception to this is the PeopleDoc Service MyPeopleDoc (“MyPeopleDoc”), where PeopleDoc acts as a Data Controller. 

PeopleDoc has made available for its Customers a Data Processing Agreement. For additional information, please contact pdoc-privacy@ukg.com.

 

Processing According to Instructions

PeopleDoc processes customer data only at the express instruction of Customers (Data Controllers) and does not profile or use our clients’ personal data for advertising purposes.

 

Personnel Confidentiality Commitments 

All PeopleDoc employees are required to sign a confidentiality agreement and complete mandatory security and privacy trainings that specifically address responsibilities and expected behaviour with respect to the protection of information.

 ____________________

 

Use of Sub-Processors

 

GDPR FOR HR THE ULTIMATE COMPLIANCE CHECKLIST PeopleDoc directly conducts the majority of data processing activities required to provide the PeopleDoc Services. However, we do engage some third-party vendors to assist in supporting specific parts of these services. Each vendor goes through a rigorous selection process to ensure it has the required technical expertise and can deliver at least the same level of security and privacy that PeopleDoc offers its Customers.

We make information available about PeopleDoc sub-processors here and we include commitments relating to sub-processors in our agreements.

 ____________________

 

Security Standards and Certifications

 

security_lpPeopleDoc operates an infrastructure designed to provide security through the entire information processing lifecycle. This infrastructure is built to provide secure deployment of services, secure storage of data with privacy safeguards and secure communications between PeopleDoc Services.

Our customers and regulators expect independent verification of security, privacy, and compliance controls. PeopleDoc undergoes independent third-party audits on a regular basis to provide this assurance.

 

ISO/IEC 27001:2013 (Information Security Management System)

ISO 27001 is an international standard of practice for information security controls based on ISO/IEC 27002, specifically for Cloud Services. PeopleDoc has been certified compliant with ISO:IEC 27001:2013 for its product and services.

 

ISO/IEC 27017:2015 (Cloud Security)

Building off of the ISO 27001 foundations, the ISO 27017 standard is specific for cloud service providers, designed to cover cloud-based environments. PeopleDoc has been certified compliant with ISO:IEC 27017:2015 for its product and services.

 

ISO/IEC 27018:2014 (Cloud Privacy)

ISO 27018 certifies our management system for protection of Personal Identifiable Information (PII) in cloud environments. PeopleDoc has been certified compliant with ISO:IEC 27018:2014 for its product and services.

 

SSAE16 / ISAE 3402 (SOC 2)

The American Institute of Certified Public Accountants (AICPA) SOC 2 (Service Organization Controls) audit framework defines Trust Principles and criteria for security, availability, processing integrity, and confidentiality. PeopleDoc maintains a SOC 2 report for its product and services.

 ____________________

 

Cooperation with the Customers (Data Controllers)

Data Subject's Rights

Customers can use the PeopleDoc Services functionalities to help access, rectify, restrict the processing of, or delete any data on our systems. Furthermore, PeopleDoc is fully available to assist Customers fulfilling data subjects rights and requests.

 

Data Protection Team

PeopleDoc customers have a dedicated team where data protection related enquiries can be directed at pdoc-privacy@ukg.com.

 

Incident Notifications

PeopleDoc will promptly inform Customer and Data Subjects, when applicable, of incidents involving personal data.

 ____________________

 

Data Return and Deletion 

Administrators can export data, via the functionalities available in PeopleDoc Services, at any time during the term of the agreement. 

When PeopleDoc receives a complete deletion instruction from Customer (such as when a deleted document can no longer be recovered from the “trash”), the relevant data will be deleted from all systems unless retention obligations apply.

 ____________________

 

International Data Transfers 

Aligning HR Self Service with the Digital Transformation for Global HR Service Delivery Success at Amex-793260-editedThe GDPR provides for several mechanisms to facilitate transfers of personal data outside of the EU. These mechanisms are aimed at confirming an adequate level of protection or ensuring the implementation of appropriate safeguards when personal data is transferred to a third country.

Appropriate safeguards can be provided for by standard contractual clauses; An adequate level of protection can be confirmed by adequacy decisions such as the ones that supports the EU-U.S.and Swiss Privacy Shields. 

PeopleDoc contractually commits  to maintain a mechanism that facilitates transfers of personal data outside of the EU, as required by the GDPR.

 ____________________

 

HR Service Delivery GDPR Fact Sheets

 ____________________

Get started with the most innovative HR Service Delivery platform.

Let's Talk