The compliance dangers of fragmented onboarding data

 

paper work

How many forms of communication does your organisation use to handle the process of employee onboarding?

For most HR and hiring teams, the onboarding process involves multiple methods, an onboarding checklist covering - paperwork, phone calls, emails and texts.

Contracts will be posted, policy documents emailed and calls made to finalise arrangements before a new hire starts. It’s a combined approach which makes effective management and control of employee data extremely challenging. It feels like there is a huge onboarding gap - the part between from being made an offer as a new hire to becoming a new starter on day one.

Manual onboarding creates a system in which information is prone to becoming scattered; held in different formats and across multiple locations. Plus this kind of fragmentation stifles HR’s ability to comply with data management laws.

A particular risk is posed by the EU’s recently introduced GDPR (General Data Protection Regulation) legislation. This sets out the need to scrupulously manage personal data. The requirements are outlined within a number of key concepts. Here are the specific areas where data fragmentation is liable to cause GDPR compliance issues:

Storage Limitation

This sets out the need to ensure that any data that’s collected during the onboarding process is relevant and, if not, is quickly and efficiently removed. On the surface, this seems like a simple task. But when data becomes fragmented, removing all instances of information becomes a real struggle for hiring teams.

There is a requirement to keep track of each and every time personal data has been collected, shared or stored. Every document and photocopy, ever email that has been received and shared between individuals and departments. Even when emails are deleted, the information is liable to remain within the system, in the form of archive or ‘deleted items’ folders.

Confidential and secure

This emphasises the need to ensure that all personal information is securely stored and controlled, with organisations accepting full responsibility for any data breaches - wherever they occur. Any kind of data fragmentation will significantly heighten the risks of information being accessed by unauthorised personnel. This is particularly the case when onboarding documents are having to be sent via the postal system. Emails pose problems with a lack of effective monitoring or control over how and where messages are shared. Trying to identify all instances of an email with an organisation is a painstaking and error-prone task.

Lawful and transparent

A vital area of GDPR is the need to supply employees with information on exactly what data you are storing on them. There is a legal requirement to quickly respond to these Data Subject Access Requests (DSAR).

Trying to comply with these requests can use up considerable HR resources when onboarding data has to be manually collated and is being stored in multiple formats and locations. There is also the risk of providing incomplete or incorrect details. As knowledge and understanding of these new data privacy rights spreads, the frequency and volume of the DSAR requests being handled by HR is likely to keep increasing over time.

The ability to shield against data fragmentation is a core benefit that’s delivered by cloud-based onboarding solutions. A system such as webonboarding helps you to work towards GDPR compliance and away from the  reliance on traditional methods of data storage.

All of the communications that take place between HR, line managers and onboardees are handled via an online portal. The use of digital document signing allows contracts to be dealt with online, with no need for documents to be sent via post. It provides hiring teams with an unprecedented level of data control when compared to traditional approaches. As well as minimising the risks of data fragmentation, it provides the tools needed to handle any number of DSAR requests.

While the GDPR legislation is still relatively new, the dangers of fragmented data will become more apparent over time. The potential punishments for companies who breach the data protection laws includes fines of up to €20 million or four percent of annual turnover. Talk to us about how webonboarding can help support with GDPR compliance.

Pin It
linkedin2
twitter2