How much employee data do you store?
Does your business collect employee data? As an employer, you must evaluate people’s qualifications, support the team’s well-being, ensure workplace safety, manage salaries, benefits and sick days, as well as comply with legal requirements. In order to do all this properly, you must collect personal data. Let’s talk about the data you store about your employees and how to make sure you handle it in a manner that protects their privacy and complies with data regulations like GDPR.
Start your GDPR cleanup where it is needed the most
Sensitive data tends to accumulate in employees' e-mails. With a GDPR Risk Scan from DataMapper, you get a report that shows any potential GDPR risks in the company's e-mails.
Types of employee data
Let’s review some of the highly personal information you may store about your employees:
- Financial information. For example, you may collect bank account details for direct deposit of wages, tax information, and information related to benefits such as retirement plans.
- Insurance information. Details about insurance plans an employee is enrolled in, as well as their coverage levels and dependents.
- Background checks and criminal history. Results of background checks, which may include criminal history, credit history, driving records, and verification of professional licenses or certifications.
- Education and qualifications. For instance, degrees, certifications, diplomas, and any specialised training or skills relevant to the job.
- Pre-employment and annual medical examinations. Records of medical exams you require to ensure a person can meet, or continue to meet, the physical demands of their job.
- Sick leave management data. When an employee requests sick days or leave for doctor's appointments or medical treatment, you may hold medical certificates or other documentation supporting the request.
- Parental leave. Any information related to pregnancy/birth you collected when processing requests for parental leave.
- Other absences. Requests to work part-time or take leave, for example to care for a seriously ill or disabled family member or to make funeral arrangements.
- Workplace injury or illness records. Records of any work-related injuries or illnesses that occur on the job.
- Drug and alcohol test results. Any results from drug and alcohol testing you require for safety-sensitive work or as part of a general workplace policy.
- Health screenings and assessments. Data from voluntary health assessments as well as screenings from any wellness programs you provide.
- Fitness or wellness program participation. Information about an employee’s engagement in workplace wellness initiatives.
- Immunisation records. Records of vaccinations or antigen or antibody tests if you require them in the workplace, especially during disease outbreaks.
- Employee assistance programs data. For instance, records of an employee’s participation in any counseling or support services you offer.
- Occupational health records. Health-related information specific to an employee’s work environment or occupational health risks.
And what about your e-mails and general communications with your employees? People often casually share personal information about themselves, and even about their family members, in e-mail. You should therefore clean out your inboxes regularly. Otherwise, you could have a large amount of highly sensitive information about your employees sitting in them, at risk of leaks and breaches.
How to keep employee data private
You have a legal responsibility to handle personal information in a confidential and secure manner. Additionally, employees have rights regarding their personal information, including the right to access and correct their own records.
So, how can you comply with these requirements? To begin with, let your employees know the types of data you collect from them and how you will use it. Then, make sure you keep it safe. Here are a few things you must do to keep employee data private:
- Regularly inventory the employee data you store.
- Check that all locations where you store employee data are secure.
- Set up access controls so that only authorised employees can view others’ data.
- Use encryption (for example, encrypted e-mail or secure file transfer) whenever you share or request personal data.
- Only use employee data for the purposes for which you collected it, and only for as long as you still need it for those purposes.
- Set limits for how long you will keep employee data.
- Delete what you no longer need in order to minimise risk.
- Educate employees about the importance of safeguarding their colleagues’ information.
It all starts with finding out how much data you have and where you store it. Then, keep track of data to make sure it does not linger unprotected in your systems and inboxes. Certainly, taking inventory of employee data can be a daunting task. However, automated tools can help.
Find out what employee information you store
Manual data inventory eats up lots of time. Further, if you were to enlist your team to help you with the task, it could do more harm than good by needlessly exposing each person’s sensitive data to additional eyes. Instead, try using DataMapper to identify sensitive data. DataMapper can flag your employees’ data by quickly searching your systems for documents that contain their names along with sensitive keywords.
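To make the name-plus-keyword search described above concrete, here is an added illustration written for this page; it is not DataMapper's own implementation, and the employee roster, keyword lists, file paths and document texts are all constructed for the example. It flags a document only when an employee's name occurs within a few words of a keyword from one of the sensitive categories listed earlier on this page, so a policy document that mentions "sick leave" without naming anyone, or a lunch menu that names someone without any sensitive context, is not reported.

```python
import re
from dataclasses import dataclass

# Constructed sample inputs (not real data): a small HR roster and keyword
# groups that mirror the categories of sensitive employee data on this page.
EMPLOYEES = ["Anna Jensen", "Mads Holm"]

SENSITIVE_KEYWORDS = {
    "health": ["sick leave", "diagnosis", "doctor", "medication", "pregnancy"],
    "financial": ["bank account", "iban", "salary", "tax"],
    "background": ["criminal record", "background check", "credit history"],
}

# Constructed documents standing in for files on a share and items in a mailbox.
DOCUMENTS = {
    "hr/payroll/2023-q3.txt": "Salary adjustment for Anna Jensen effective 1 Oct. IBAN on file.",
    "mail/manager-inbox/re-absence.eml": "Hi, Mads Holm is on sick leave until Friday after a doctor visit.",
    "shared/lunch-menu.txt": "Thursday: pasta. Friday: fish. Anna Jensen booked the meeting room.",
    "hr/policy/handbook.txt": "Sick leave must be reported before 09:00 on the first day of absence.",
}

WINDOW = 12  # maximum distance, in words, between a name and a keyword


@dataclass(frozen=True)
class Finding:
    path: str
    employee: str
    category: str
    keyword: str


def _tokenize(text):
    """Lower-case word tokens; punctuation is dropped so 'Jensen.' matches 'jensen'."""
    return re.findall(r"[a-z0-9]+", text.lower())


def _positions(tokens, phrase):
    """Start indices at which the token sequence of `phrase` occurs in `tokens`."""
    words = _tokenize(phrase)
    n = len(words)
    return [i for i in range(len(tokens) - n + 1) if tokens[i:i + n] == words]


def scan_document(path, text, employees=EMPLOYEES, keywords=SENSITIVE_KEYWORDS, window=WINDOW):
    """Return one Finding per (employee, keyword) pair that co-occur within `window` words."""
    tokens = _tokenize(text)
    findings = []
    for name in employees:
        name_pos = _positions(tokens, name)
        if not name_pos:
            continue  # a keyword with no named employee nearby is not a finding
        for category, words in keywords.items():
            for kw in words:
                kw_pos = _positions(tokens, kw)
                if any(abs(a - b) <= window for a in name_pos for b in kw_pos):
                    findings.append(Finding(path, name, category, kw))
    return findings


def scan_all(documents=DOCUMENTS):
    """Scan every document; return only the paths that produced findings."""
    results = {}
    for path, text in documents.items():
        found = scan_document(path, text)
        if found:
            results[path] = found
    return results


if __name__ == "__main__":
    for path, found in scan_all().items():
        print(path)
        for f in found:
            print(f"  {f.employee}: {f.category} ({f.keyword!r})")
```

Running the block reports the payroll file (financial data about Anna Jensen) and the manager's e-mail (health data about Mads Holm), and nothing else. Keep in mind that co-occurrence matching is a heuristic: it misses references by nickname, employee ID or pronoun, does not look inside attachments, and will produce false positives where a name and a keyword happen to be close for an innocent reason, so any real inventory built this way still needs a human review step before records are acted on.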
Sebastian Allerelli
Founder & COO at Safe Online
Governance, Risk & Compliance Specialist