• Follow us


GDPR compliance: is your business at risk of an employee information data breach?

Since the introduction of GDPR last year, small businesses have faced increased pressure to develop and alter their existing policies in line with the new rules around data handling and compliance. Businesses of all sizes are fully conscious of the crippling €20 million or 4% of annual turnover penalty that non-compliance can incur, and understand that even the smallest and least equipped businesses must keep private information secure and accurate.

While these laws were implemented to preserve individual privacy amid ever-increasing cyber surveillance, staying compliant is easier said than done – as illustrated by the various breaches and fines a year on. These reports are revealing human error also plays a huge part in the slip-ups; and every business is comprised of real people, who are capable of making real mistakes, albeit unintentionally.

The focus of GDPR has largely remained on its impact on marketing as an industry. Indeed, the Information Commissioner’s Office (ICO) regularly announces firms that have been fined for nuisance calls and spam emails, but another crucial department which often gets overlooked when it comes to GDPR is HR. Arguably this department has far more to lose – holding incredibly sensitive data on employees, such as payroll, disciplinary issues and health records. This isn’t limited to employees, either; interviewees and anyone who’s credentials pass a HR manager’s path are included in this data.

So, thinking specifically about HR, what can small businesses do to avoid landing in hot water with the ICO? And how can they continue to remain compliant given everything else on their plates?

Regulation minefield

The idea of bank details, passwords and contact numbers floating in the ether and potentially vulnerable to hacking has meant that misconceptions around tech benefits are rife. Businesses are reluctant to trust technology with personal data for these reasons, and employees are tasked with securely storing it.

But, ironically, some of the latest data breaches happened through misplaced legacy hardware and negligence toward password protection. In other words: mistakes real people have made.

Take the Heathrow worker, whose misplaced memory stick resulted in a hefty £120,000 fine by the ICO. The USB contained 1,000 files with passport numbers, names, dates of birth; enough for a fake identity to be forged? Certainly.

What's more, since May this year organisations only have one month to handle Subject Access Requests (SARs) – whereby someone requests the organisation deletes all information held on them from the system. For an organisation where disparate systems or spreadsheets are used to store HR information, this would be a nightmare to handle. And of course, this challenge becomes even greater for small businesses who may have someone in part-time to handle HR, or it could fall to the office manager to handle.

This is where dedicated HR management software systems can help. By centralising all employee information within a single, secure system, HR staff and business managers can help mitigate the risk of a data breach at the same time as ensuring that if an employee does make an SAR, the required information can be gathered and provided easily and quickly.

It’s important to look for a system to which any documents or information uploaded can be shared securely, and where everyone within an organisation has their own unique login. Equally important is the ability to set different access and user permissions. This ensures that people can only see what they are meant to see and that HR administrators have control of what documents and information are visible to people. 

Cloud computing, HR and small business security

It’s time to let go of misconceptions around the available tech solutions. Usually, the first port of call for businesses is to adopt cloud technology for creative, strategic and everyday operations. According to the Cloud Industry Forum, 88 per cent of IT and business decision-makers use one or more cloud-hosted apps, and 67 per cent were keen to ramp up adoption last year. However, with the GDPR’s intimidating legal penalties looming, some are still hesitant to trust the technology.

Unsurprisingly, ideas around mixing sensitive employee data with technology can cause reputational damage beyond repair and stress for those involved. Historically, management software was once fed off in-house servers with the need for IT staff to maintain it. Of course, for small businesses with scarcely enough resources to facilitate a computer network, such a luxury was out of the question.

And despite the various technological developments for speeding up working process, it seems we’re working just as much – if not more – than last century’s workforces using typewriters and telegrams. What gives? It’s a common misconception that putting more manual processes and spreadsheets at employees’ fingertips will streamline staff management. In reality, it can achieve the opposite.

Enter cloud computing. Not a new discovery, although sometimes it’s treated as such. A multitude of tech providers’ offerings are fundamentally cloud-driven. It’s the direction businesses are moving in.

One particular element to look out for in cloud platforms is an ISO 27001 certification, as it confirms the legitimacy of the system you’re using. It’s a hallmark for an information security management system. So, you can rest assured that sensitive details are securely stored under digital lock and key.

In fact, by adopting cloud-based HR software – and assuming it is ISO certified – many businesses will benefit from having employee information stored in state-of-the-art datacentre facilities which would set them back hundreds of thousands of pounds to establish and support themselves. In a time when Denial-of-Service attacks, phishing and password attacks are increasingly common, professionally managed data centres which have been properly ring-fenced are a far safer – and cheaper – option than managing their own in-house server infrastructure.  

Practical suggestions to bolstering data protection

Mustering up funds to hire more HR recruits to tackle the increasing workloads is an easy fix for giant corporations. But for SMEs, having staff wear multiple hats is one of the only affordable solutions – much to their detriment. That’s not to mention the double and sometimes triple titles employees bear, meaning one absent person can mean an entire department is nowhere to be seen.

As we’re not blessed with foresight, ensuring GDPR compliance involves planning and smart procurement of the right systems, especially for smaller companies. HR data needs to be condensed into one singular system and not spread out across disparate ones; this also minimises the risk of human error. Platforms must automatically generate regular backups of sensitive data records on top of authorised log-in details which can be cancelled in seconds. This will prevent it from falling into the wrong hands and staff couldn’t lose the data even if they tried.

SMEs need to play to their strengths, one of which being their agility and ability to adapt according to current business trends. Crucially, this ability to decisively adopt and trial innovative technology is what drives their competitive advantage. Businesses need data-management technology equally as lean and intelligent as they are to brave the GDPR storm – or risk receiving a fine that might sink the whole ship.

Jonathan Richards, Founder & CEO, BreatheImage Credit: Balefire / Shutterstock

Read More

Leave A Comment

More News

TechRadar: Internet news

Jamaica vs USA live stream: how to watch 2019-07-03 18:41:42Reggae Boyz out to make their third consecutive Gold Cup final as they face the USMNT. Check out our Jamaica vs USA live stream guide for all your wat

Symantec reportedly in Broadcom takeover talks 2019-07-03 17:04:33Broadcom may be looking at Symantec deal following last year's CA Technologies acquisition

Chile vs Peru live stream: how to watch 2019-07-03 16:56:12Who will win the 'Pacific derby' and join Brazil in the 2019 Copa América final? Check out our guide for your Chile vs Peru live stream.

Parallels and Winzip developer Corel acquired 2019-07-03 16:47:45Investment equity firm KKR snaps up Corel less than one year after Parallels deak.

The best VR laptops: these notebooks are ready 2019-07-03 16:24:29Don't have room for a VR gaming PC in the house? Then you're going to need a powerful laptop.

Copa América 2019 live stream: how to watch 2019-07-03 15:51:00The last four in Brazil and a classic encounter beckons. Read our guide for your 2019 Copa América live stream options as we enter the semi-fin

The best gaming monitor 2019: the 10 best 2019-07-03 15:49:44With the best gaming monitors, your games will come alive in ways you can’t even imagine.

The best Chromebooks 2019 2019-07-03 15:33:50We've searched far and wide for the best Chromebooks you can buy, always up to date and thoroughly tested.

The best PC gaming headsets 2019 2019-07-03 15:20:26The best gaming headset brings your game audio to life and won't cramp your ears after long play sessions. Here are the top 15 headsets we've tested

Netherlands vs Sweden live stream: how to watch 2019-07-03 14:58:58It's all or nothing in the second 2019 FIFA Women's World Cup semi-final. Don't miss a kick with our Netherlands vs Sweden live stream guide.

Best gaming laptops 2019: the 10 top gaming 2019-07-03 14:40:15The best gaming laptops you can buy, always up to date with the latest hardware configurations.

Popular cloud storage app hides a rather nasty 2019-07-03 14:35:43Upstream has blocked over 114m suspicious mobile transactions.

Latest ITProPortal news

Foxconn president resigns to run for office 2019-06-21 08:00:29He wants to focus on his presidential campaign.

Google confirms it's leaving the tablet business 2019-06-21 07:58:09It's throwing everything it has into the laptop business.

US city votes to pay ransomware demand 2019-06-21 07:30:31Riviera Beach can't catch a break.

iPaaS: The true digital transformation enabler 2019-06-21 07:00:33At the heart of any digital transformation project is the same principle – getting access to data and managing that data effectively.

5G can help start ups compete better 2019-06-21 06:30:585G could give birth to a whole new wave of start-up businesses, who would leverage the technology to compete better against well-established players i

Leaked passwords are only the tip of the 2019-06-21 06:30:45The true cause of the problem isn’t what one company does or doesn’t do with their security, but the underlying premise that personally id

The rise of voice commerce 2019-06-21 06:00:46This is a burgeoning trend that could be a huge market in the very near future.

IT issues creating workplace "black hole" 2019-06-21 06:00:33Employees are losing hours fixing stuff around the office.

GDPR compliance: is your business at risk of 2019-06-21 05:30:57Since the introduction of GDPR last year, small businesses have faced increased pressure to develop and alter their existing policies in line with the

How continuous deployment can help you keep pace 2019-06-21 05:00:10With every company now a software company, here's how continuous deployment makes you stand out from the crowd.

Keeping up with digital transformation: Is your ERP 2019-06-21 04:30:46Digital transformation need not be a scary term, but the foundation of your ERP strategy.

Why the jewellery sector is in major need 2019-06-21 04:00:07How blockchain and modern technology has helped to change the way the sector is functioning.

TechCrunch » Enterprise

Equinix and Singapore’s GIC will launch a $1 2019-07-02 00:20:35Equinix, one of the world’s largest data center companies, announced that it will form a $1 billion joint venture with GIC, Singapore’s so

Video platform Kaltura adds advanced analytics 2019-07-01 15:15:26You may not be familiar with Kaltura‘s name, but chances are you’ve used the company’s video platform at some point or another, give

We’ll talk even more Kubernetes at TC Sessions: 2019-07-01 12:00:58You can’t go to an enterprise conference these days without talking containers — and specifically the Kubernetes container management syst

Tara.ai, which uses machine learning to spec out 2019-07-01 06:09:59Artificial intelligence has become an increasingly important component of how a lot of technology works; now it’s also being applied to how tech

Enterprise SaaS revenue hits $100B run rate, led 2019-06-28 11:48:44In its most recent report, Synergy Research, a company that monitors cloud marketshare, found that enterprise SaaS revenue passed the $100 billion run

We’re talking Kubernetes at TC Sessions: Enterprise with 2019-06-27 12:48:01Over the past five years, Kubernetes has grown from a project inside of Google to an open source powerhouse with an ecosystem of products and services

Fellow raises $6.5M to help make managers better 2019-06-27 11:21:30Managing people is perhaps the most challenging thing most people will have to learn in the course of their professional lives – especially beca

Fungible raises $200 million led by SoftBank Vision 2019-06-27 11:00:24Fungible, a startup that wants to help data centers cope with the increasingly massive amounts of data produced by new technologies, has raised a $200

Cathay Innovation leads Laiye’s $35M round to bet 2019-06-27 10:22:46For many years, the boom and bust of China’s tech landscape have centered around consumer-facing products. As this space gets filled by Baidu, A

Amperity update gives customers more control over Customer 2019-06-27 09:03:26The Customer Data Platform (CDP) has certainly been getting a lot of attention in marketing software circles over the last year as big dawgs like Sale

Bright Machines wants to put AI-driven automation in 2019-06-26 11:16:00There’s a mythology around today’s factories that says everything is automated by robotics, and while there is some truth to that, it&rsqu

Vulcan Cyber announces $10M Series A to automate 2019-06-26 09:20:42Many software vulnerabilities are already known, and vendors have even issued patches, but the problem is there are so many patches that it’s of

Next INpact – Actualités

⭐ #LeBrief : certificats OpenPGP « empoisonnés », 2019-07-02 04:25:24C'est l'heure de #LeBrief, notre bilan de l'actualité dans le domaine des nouvelles technologies. Il contient toutes les informati

⭐ Soldes d'été 2019 : le récap' des 2019-06-28 11:42:39Ça y est, mercredi matin 8h, les soldes d'été sont lancés. La Team Bons Plans est évidemment sur le qui-

Internet en France : le « bilan de 2019-06-28 11:13:59Tel un médecin auprès d'un patient qu'il faut surveiller de près, l'Arcep dresse le « bilan de l'état de sa

Qwant fait le point sur ses services : 2019-06-27 04:00:00Après plusieurs mois en alpha, Qwant Maps passe en bêta. Au passage, le service de cartographie et d'itinéraires gagne l'acc&egr

Limeil-Brévannes : la folle histoire des clients K-Net 2019-06-26 08:35:26Les contrats de 63 abonnés K-Net (FTTH) ont été résiliés car SFR a démonté et emporté des &eac

⭐ #LeBrief : failles Firefox et VLC, MonAvis 2019-06-24 04:36:05C'est l'heure de #LeBrief, notre bilan de l'actualité dans le domaine des nouvelles technologies. Il contient toutes les informati

« L'incident technique » à la Poste a entrainé la 2019-06-21 09:09:23Hier matin, un vent de panique soufflait sur le site de La Poste. À cause d'un « incident technique », des clients se retrouv

⭐ #LeBrief : hausse des prix Netflix, Windows 10 2019-06-20 03:59:56C'est l'heure de #LeBrief, notre bilan de l'actualité dans le domaine des nouvelles technologies. Il contient toutes les informati

⭐ Le récap' des bons plans du moment, 2019-06-19 09:16:06Cette semaine, nous faisons le point sur macOS Catalina ainsi que sur le premier référendum d'initiative partagé propo

⭐ #LeBrief : League of Entropy, salve de bêtas 2019-06-18 04:20:39C'est l'heure de #LeBrief, notre bilan de l'actualité dans le domaine des nouvelles technologies. Il contient toutes les informati

⭐ Le récap' des bons plans du moment, 2019-06-12 07:37:44Cette semaine, nous fêtons les dix ans de la Hadopi. De son côté, Inpact-Hardware déchiffre pour vous l'architecture du chi

⭐ #LeBrief : Have I Been Pwned à vendre, 2019-06-12 04:53:14C'est l'heure de #LeBrief, notre bilan de l'actualité dans le domaine des nouvelles technologies. Il contient toutes les informati

Disclaimer and Notice:WorldProNews.com is not responsible of these news or any information published on this website.