Published: Jul 24, 2018

The content for today’s post is courtesy of Kristen Wylie, Product Marketing Director, and Brad Nycz, Customer Success Manager, at Kronos.

Data is a big deal. It’s people’s private information, after all. And it’s an even larger concern with the onset of the General Data Protection Regulation (GDPR). GDPR focuses on the EU, but companies around the world are certainly feeling the impact of the new law as well.  

Simply put, GDPR is about protecting an individual’s personal data – biometric data, location data, name, address, email address, etc. It builds on the 1995 Data Protection Directive, a regulation that initially set data security standards for the EU in 1995. Now, under GDPR, EU personal data protection has been further strengthened and companies must be more explicit about their data collection and processing practices. At the same time, EU individuals are empowered with the enhanced rights to notice, access, and correction of their personal information.

Retain or remove?

Individuals. Does this mean employees too? You bet. For Workforce Ready customers feeling the impact of GDPR compliance regulations, we’ve improved the data retention, deletion, and consent functionalities of the solution. In addition to compliance, these enhanced features help companies with or without EU employees – streamline data retention and removal processes.  

  • Data retention policies: Most companies want two things when it comes to data retention – minimize the amount of employee data stored in Workforce Ready and hold data that must be stored no longer than necessary. We understand; so, with the June Workforce Ready release came the ability to automatically eliminate and term files or data sets. You determine your own retention policy start and end dates and define them in your solution. Once you set a retention policy for a certain data type, Workforce Ready will automate the removal of data that is marked as older than the retention period. The data is sent to a queue for removal when the retention period has lapsed, meaning deletion is not instantaneous. This helps ensure system performance isn’t impacted, as deleted or anonymized data is permanent and cannot be undone or recovered.

  • Employee data removal: On the other side of the coin is an employee requesting the removal of information. You can accommodate data removal requests while still adhering to your company-wide data retention requirements. The first step is to determine if a request is legitimate. If it is, then you can use this feature to remove data points. The system will cross-reference what information falls within data retention requirements and queue up only what falls outside your policy for removal.

  • Applicant consent: We’ve made it possible for job candidates applying for positions to agree that yes, you can hold their information in your database. Applicants can provide permissions when creating an applicant account or after they create an account under “My Profile.” If consent is granted, the data is retained. If not, it’s removed.

There are a few resources you should know about as well.

  • Workforce Ready Data Protection FAQ: Hosted on the Kronos Community and available via knowledge base article number 000064538, this document contains information on the international Workforce Ready features and functionality that you can use to support your data protection processes.

  • Training in My Learning: For an 11-page guide on setting and using the data retention functionality in Workforce Ready, go to Account > My Learning > Administrator—General > 1. Settings in your solution.

  • GDPR Overview Presentation: Check out this brief, 5-minute presentation recording on how Workforce Ready helps you address your GDPR needs from a workforce perspective.

Data privacy is a serious concern, but we’re here with upgraded compliance tools on the Workforce Ready side. With our enhanced functionality, you can your employees’ data concerns and focus your attention where it matters most. 

Note: In addition to being heavily impacted by local law and regulation, data privacy compliance is a highly business-specific and fact dependent endeavor, and you should consult your legal advisor for detailed guidance before proceeding with a personal data protection plan. The discussion provided above is for informational purposes only, is not customer specific, and is subject to change.