Personal and professional data is largely archived online these days. A lot of internet companies that are supposed to keep data secure have been found to be breaching data protection laws. Recently, Facebook was in legal turmoil after it was found leaking its users’ personal data. These incidents hold a lot of significance as this data is highly personal in nature and can be used for nefarious purposes.
In the corporate sector, employees’ personal data is archived through both digital and physical methods. The EU has passed a regulation called the GDPR (General Data Protection Regulation) to ensure data protection and privacy for all individuals across the European Economic Area (EEA). The idea behind this regulation was to curb unethical practices and to give more control to individuals over their personal data.
The regulation makes it clear that any data controller must employ technical or organizational safeguards to implement data protection under GDPR. It ensures that no personal data can be processed by controllers or the organization without the clear consent of the concerned individual. This new regulation caused a lot of companies to change their privacy policies. The individual also holds the right to revoke his consent whenever he wishes to. This regulation was welcomed by the general public since the breach of data can cause a lot of personal and professional grievances. This regulation was implemented on the 25th of May, 2018 and a lot of organizations have molded their company policies accordingly. Like Facebook, Google was also accused of violating the regulation by several countries.
In any organization, it is the responsibility of the HR department to catalog and safeguard the data of the employees. According to the GDPR, after the termination of contract or employment, the organization can no longer retain the data of the former employee. However, studies reveal that about a third of HR teams admit to breaching the terms of the GDPR by illegally retaining the data of terminated employees. For all intents and purposes, the data of an employee who has left the organization for any reason is considered expired data and must be deleted from the archives immediately.
A lot of HR departments were also found violating another of the GDPR’s requirements: giving employees access to their data. The GDPR gives individuals the right to access and rectify their data. Studies find that HR teams are not deleting the data of employees. This practice is not just a direct breach of the GDPR but can also be potentially harmful.
Many of these malpractices in HR consulting can be attributed to the short time frame in which the regulations were implemented. Improper understanding of the GDPR can lead to a lot of confusion, which is the case for most firms. Outdated methods of data archiving also make it difficult to delete data. Automated systems are helpful as there is no scope for human error. However, some organizations still archive their employees’ information the old-fashioned way, in physical copies of documents, which makes it harder to delete.