HRMS and GDPR: How to ensure that your HR tech is compliant

Lately, there has been a spike in the adoption of HRMS system to regulate and streamline the HR process, from candidate relationship management, candidate sourcing and Applicant Tracking Systems to job posting and employer branding on one single platform. During the hiring process, the HR department collects and process a substantial amount of personal data, invariably storing them in their databases for future use. Although the HR tech solutions have technical controls in place for handling personal information, there is no uniform regulation in place which defines the compliance structure is maintained.

GDPR or General Data Protection Regulation is one such compliance standardization which is being adopted by European Union (EU), encompassing 28 members of the union. This will come into effect in May 2018 and is primarily focused on safeguarding individual’s personal data and the way it will be used by controllers like recruitment agencies and employers.

The requirements of the GDPR will trigger changes in the way the HR tech solutions are designed and operated. Here are a few key requirements which will affect the way the HR solutions need to be compliant:

  • The processor of the information should have the consent of the subject in the way the data collected will be used.

  • The appropriate quantity of data from the subjects should be collated. The data collected should be relevant to the position of the job.

  • The organizations need to ensure proper security control over data collected is maintained

  • The GDPR gives a right to the subjects to have their data removed from the databases of the controllers as and when the data becomes irrelevant for its intended purpose.

  • GDPR allows subjects or employees to port their data to another controller during the time of offboarding. The employee can take their personal data in a machine-readable format from one employer to another.

In order to accommodate the regulations defined by the GDPR, the HR tech solutions will need to ensure that they have provisions to adhere to the general data protection guidelines. The following are the ways to ensure the HR tech solutions are GDPR complaint:

  • The application tracking system being used should process candidate’s data according to documented instructions from the controller.

  • The HRMS should be able to identify the personal identification information and have the provision to pseudonymized the data or make it accessible only after furnishing additional information.

  • The system designed should be taken into account the minimum set of data relevant for processes without going overboard with data collection. The data collected should be loosely coupled with all the processes so that it doesn’t affect the system after data erasure.

  • The data sharing agreement with the partners should be made GDPR compliant. It should be made mandatory to update the privacy statements and outline the process of data usage in the recruitment process. This will accentuate transparency in the hiring process and make candidates aware of their rights.

  • The application tracking system should encrypt the candidate data to instill trust in the candidate.

  • Last but not the least, it’s always prudent to ask for candidate’s permission if you are likely to keep their data after job closing. For instance, during rejection email to a candidate or during offboarding.

As the clock is ticking to be GDPR compliant, it’s important for the business to make a call on an HR system which is GDPR complaint, run on cutting edge technology and ensures the highest level of security to the data a candidate entrust the business with.



Leave a Reply

six + 10 =