Achieving HR GDPR compliance with SuccessFactors HCM
Are your HR processes GDPR compliant? You should already have a GDPR plan in place for your whole company, but do you know if your team is achieving HR GDPR compliance?
It’s no secret that big data is, well, big. Today, companies collect more data on more people than ever before. From providing a better service tailored to the individual to providing more in-depth insights for decision making, we just can’t get enough data.
The only problem is privacy. Data can be misused by companies themselves as well as hackers and other parties looking to get their hands on data that isn’t theirs. It’s no surprise, then, that recent years have seen a wave of new data privacy laws sweep the globe. While tackling privacy is only ever a good thing, it’s also extremely difficult to manage and stay compliant, especially for larger companies.
This includes HR professionals who arguably handle the most, and definitely the most sensitive, information in the company. Today, HR teams need to be extra careful and make sure they continue to meet GDPR requirements.
GDPR capability from SuccessFactors
SAP SuccessFactors HCM Suite is a full HCM suite providing support for HR processes for employees, candidates and external learners. The full range of HR business processes from onboarding to analytics is supported. The suite therefore handles a range of employee data, candidate data, onboarding data and talent data that fall under GDPR. This includes:
- Personal data
- Bank account data and credit or debit card data
- HR data
- Qualification and education details
- Salary and Social Security data
- System access
- Authorization data
SuccessFactors fortunately offers a range of capabilities to meet GDPR requirements.
Information and transparency
In partnership with SuccessFactors or a fully trained vendor like TalenTeam, your solution is configured to meet the specific GDPR needs of your business. This configuration, including all the features and processes utilised, is documented with the help of workbooks to ensure everyone, from your employees to your HR team all the way up to top management, is informed about how the company is meeting GDPR.
GDPR and many other data privacy laws now require businesses to have explicit consent from individuals to store and process their data. Ideally, the company should keep a record of this double opt-in consent being given, with a date and time. SuccessFactors therefore allows for complete consent handling and management, such as with SuccessFactors Recruiting Management. Here, consent can be confirmed and recorded when sending applications, and HR teams can manage consent statements as well as tailor these statements for specific countries and languages.
Access to data and portability
As a full suite handling all HR processes from start to finish, SuccessFactors provides a central hub to access data both for HR teams and other business functions as well as the employees themselves for certain data types. With data reporting you can create a report of all the data available for an individual, from name and address to health data, to help support an individual’s right to information and allow them to know what is being stored at any point. The data is also available for download to make portability easy.
Data retention management (DRM) tools can be configured to meet your individual business needs and subsequently help to manage the erasure or permanent deletion of data. Data purging is important as it not only streamlines your data, which can often get out of hand for large companies, but also minimises the risk of noncompliance by ensuring you don’t keep data longer than you’re legally required to. You can set a retention period for all employees or even set different retention time frames by employee subsets, such as employees from a certain country, to meet specific legal requirements.
Restriction of processing
Role-based permissions (RBP) can be used to restrict individual user access to allow certain team members to display, edit or delete certain data. With employee self-services, employees themselves can update personal data as needed. Data blocking can also restrict certain team members or other individuals from accessing historical data. For example, an HR service center employee fielding questions from employees may only need to see employee data going back one year, whereas an HR system administrator may need to see all history on the employee.
Cross-border data transfer
Each business can decide which data centre location they would like to use for their solution and an EU-only access option is available for operations, support and maintenance.
Privacy by design, privacy by default
The suite has always been designed with best practice data and privacy principles in mind, a must-have for HR professionals who handle various personal and other data types on a daily basis. That being said, businesses are still responsible for configuring and using SuccessFactors properly to meet their GDPR needs.
Along with a clearly defined GDPR plan and process for the company as a whole, be sure to work with the relevant business functions and your SuccessFactors vendor to configure system interfaces, data structures and relevant security safeguards accordingly. You can also overrule any automated decisions manually to meet your requirements.
Need help achieving HR GDPR compliance? Contact us today to find out how we could help you configure SuccessFactors to meet all your data privacy needs.