May 17, 2018

Preparing for the General Data Protection Regulation (GDPR)

ll personal data should be adequate for the purpose it is stored/acquired for. It should also be limited and relevant for the exact purpose it is meant to fulfil. Organisations must ensure that there are deliberate security measures built to ensure data safety and make sure that there is lawfulness, transparency and fairness in data processing. Data also needs to be time bound i.e., if required only for a specific period, organisations must ensure that the time is defined and ensure data is purged after this.

Organisations must ensure that data stays accurate at any given point in time, and take specific measures to keep data up-to date, safe and secure.

SAP - How Will the GDPR Impact You?

Download - PDF file - 168 KB

TalenTeam - Preparing for GDPR

Download - PDF file - 4.30 MB

GDPR aims to increase accountability of those processing data. Although very similar to the existing data protection legislation, GDPR aims to increase the transparency of data processing and take a tougher stance in enforcement. If organisations are found to be non-compliant they could hefty fines of up to 20 million euros or 4% of the annual revenue – whichever is higher!

SuccessFactors and GDPR

With SAP’s commitment for data protection, SuccessFactors has extended the existing products to stay compliant with the new legislation.
For ease of understanding, personal data has been classified into 3 phases during the employee life cycle:

Active: The phase during which data is processed for its specific purpose;
Retention: This is the phase after which data is not processed actively, but being held for specific purposes or for display purposes only;
End of Use: This is when data is no longer required in the system and can be purged.

One of the best functionalities of SuccessFactors, Role Based Permissions or RBP’s helps give access to data on ‘Need to Know’ basis. RBP’s basically assign permissions based on a person’s role within the company – example: HR of UK can only view data of UK employees. This is highly customisable and helps your organisation not only give the right access to employees, managers and admins, but also makes sure that no one has access to data that they should not have.

For this to work there are three elements:

Permission Groups: Who gets access (example: HR of UK);
Permission Roles: What access do they get (Example: View personal details);
Target Population: On whom do they get this access (Example: Employees of UK);

In addition, SuccessFactors are updating RBP’s to have the ability to define time periods for which historical records should be visible, including defining different intervals for different countries – which helps in Data Blocking required during the ‘Retention Phase’.