As a global software company, HR Cloud is committed to the latest in data protection regulation. Over the last year we’ve made a significant number of changes to both our core product as well as our website to stay ahead of GDPR, the General Data Protection Regulation, going into effect on May 25th, 2018.
What Is GDPR?
GDPR is a new EU-wide policy that gives EU citizens greater control over their data. It’s a more articulate version of the 1995 Data Protection Directive, and is the biggest piece of EU data privacy legislation in over 20 years.
Much has been written about GDPR fines for violations, which are up to $20 million or
You might be asking, is GDPR compliance necessary for my non-EU based company? My company isn’t located in Europe!
Consider this: even though GDPR requirements only pertain to EU citizens, how do you really know who within your company or amongst your job applicants are (primary or dual) citizens of an EU-member country?
You don’t. That’s why we’ve made the following updates in our product available globally to all our customers:
What We Did About It
We’re big data geeks at HR Cloud, so we’d like to keep yours as safe as possible.
With that in mind, we went all in on our new consent policies to make sure new hires, potential clients and new customers can:
- Access information regarding what data was collected and why.
- Easily withdraw collection consent at any time.
- Process data rights requests “without undue delay,” as stated in GDPR.
- Have data erased, corrected or removed from processing upon request.
- Be notified of data breaches within 72 hours.
Your Privacy is Priority
Users can check who’s consented, when and to what policy version. Tiered permission protocols further restrict access to any user not specifically designated by the HR Admin.
Should they refuse consent to collection, they will be completely logged out of the system and denied entry until collection consent is given and registered. This protects the employee, user and system as a whole by assuring data is not continually aggregated during the request process.
In the Privacy Shield paragraph, we provide a third-party address for all data rights, requests and privacy concerns. The link takes users directly to the Truste’s Submit a Report form.
Compliance on Your Terms
We’ve also made it easier to configure your own custom Terms and Conditions agreements.
We give users the choice to build Terms and Conditions from the ground up or use GDPR-compliant sample text from pre-written templates. This way, users can comply with GDPR standards while keeping on track with local regulations, internal best practices or any other needs.
Terms and Conditions can be found under the Terms and Conditions tab in System Settings.
Demystifying Data Requests
HR Cloud HQ gets a HUGE kick out of making complex processes simple.
That’s why we got really excited when we built our handy-dandy Legal Rights Request Form.
It’s easy to find, easy to fill out and has none of the opaque language of European data laws.
(We can hear your sigh of relief from here.)
You’ll be able to document any GDPR-mandated data request, including access, rectification and deletion.
Here’s how it works.
Users will fill out the fields with their best contact email.
Users will use the Request Reason field to select from any of the primary GDPR Data Rights or enter “Other” to begin a custom query.
Once the user is finished, they’ll click the Send Request button and the form will be transferred to our Customer Support team without delay.
It’s seriously that easy.
The Integration Opt-Out
And, now for something a bit more complicated.
To protect our customers and ourselves, we’ve decided to disallow non-compliant integrations for all users under GDPR jurisdiction. They’ll, of course, be notified if any integrations that they are currently using aren’t compliant.
We’re allowing non-EU users to opt out of GDPR to run non-compliant integrations, provided they can sufficiently prove that they’re not under obligation.
To qualify for opt-out, an employer must prove that they do NOT:
- Have locations in the EU
- Employ any EU residents or store data from former employees who are EU residents
- Store, control or process any personal data gathered from EU residents
- Store, control or process any transaction records from dealings with EU-based organizations
Should all of this info be provided, the decision to use the integration must be finalized by a person of sufficient administrative authority within the organization. This person can be an officer of the company or, at the very least, the person who authorized the initial purchase of HR Cloud.
If all of the above goes smoothly, the user can utilize necessary non-compliant integrations, but only under these conditions.
Your Bases are Covered
If there’s one thing we’ve learned from our daily chats with HR pros, it’s that they will not rest until they’re sure their people are taken care of.
At HR Cloud, we’re no different in our diligence with your data.
The Crew at HR Cloud
For more in-depth inquiries, the entire GDPR text can be found here.
HR Cloud is a leading developer of HR software & HRMS solutions for small and