The recent introduction of the General Data Protection Regulation (GDPR) law has forced businesses to completely rethink and reassess the ways they handle personal data.
It’s a response to the European Union’s stringent new requirements on how information can be collected, stored and shared. Much of the focus, so far, has been on how this affects customer and client data, for example in marketing departments.
Much less attention has been paid to the one place where every business has to handle personal data on a daily basis - the HR department. This lack of focus was one of the issues raised at the recent ‘Data Risks of New Hires’ expert panel, organised by PM Insight and webonboarding.
The session looked at the scale of the HR challenge that’s posed by GDPR. Of particular importance are the systems and processes hiring teams use to handle the collection of personal data during the onboarding process.
Onboarding as a process refers to the completion all of the tasks that are required to integrate successful applicants into an organisation. This includes the tasks from issuing contracts for signing and reference checks to making onboardees aware of your privacy policies, company procedures and the issuing of welcome packages.
Risks posed by onboarding efficiency
It’s a critical area for GDPR compliance as it’s the time when important decisions are made on what, how and why personal data is collected. Mistakes made during the onboarding process can prove costly further down the line.
A particular risk is posed by a reliance on inefficient and error-prone HR processes to manage new hires. Typically, most companies still handle onboarding manually, via a combination of posted paperwork, phone calls and emails.
It creates a system where employee information is liable to become dangerously fragmented and scattered throughout an organisation - held in different formats across multiple locations. This lack of data control stifles HR’s ability to comply with the five key requirements set-out in the GDPR legislation. These are:
- Purpose limitation
- Data minimisation
- Storage limitation
- Integrity and confidentiality
You can find a full overview of what these are and how they impact onboarding here: [Link]
The implications of GDPR compliance breaches are something that businesses need to take seriously. Organisations found in breach of the laws now face fines of up €20 million, or four percent of annual turnover.
Compliance benefits of automated systems
To minimise the risks, more organisations are moving over to automated onboarding systems which remove the need for manual handling of data. A system such as webonboarding allows the whole process to be automated and streamlined.