In my two previous blog articles, “Digital management of personnel files, restful sleep” and “The ‘perpetual employees’ have had their day”, I discussed some of the basic principles of GDPR in connection with the management of personnel files.
In this blog I will examine a further important basic principle: integrity and confidentiality.
Integrity and confidentiality
The General Data Protection Regulation states that personal data must be processed in a manner that ensures appropriate security of the personal data. This is particularly important with regard to personnel data. In general, personnel files comprise highly sensitive information, for example reports on illnesses, attachments of salary, police clearance certificates, etc. In addition, protection against the unauthorised or unlawful processing, accidental loss and destruction of personal data must be ensured.
I regularly engage with organisations that still maintain their personnel files in physical archives. In such a case, electronic access cards do not provide sufficient protection, since it is impossible to retrace whether it was really employee A who used the card of employee A to gain access to the archive. Nor does a system like that provide a record of the files that were accessed or potentially even manipulated. In my view it is obvious that a physical archive of personnel files can never satisfy the requirements of GDPR. Businesses therefore need digital administration.
“Digital” is not synonymous with “GDPR-compliant”
Many organisations still use digital filing systems that are not in compliance with GDPR because they lack sufficient provisions to govern access rights and security. Using a rights management system that is centrally controlled, easy to administer, transparent and highly comprehensible to all users is the only way to manage access to personnel files cleanly. It is also important to consider that access to the documents of a personnel file must be restricted instead of being open to all departments of a company – this even applies to the employees concerned.
Highest levels of security to build trust
Nevertheless, rights management alone is not enough. The risk of manipulation can only be avoided on the basis of high-security two-factor authentication. Besides their user names and passwords, employees need a second authentication factor: a text message PIN, an email PIN or a digital ID such as the German Personalausweis, the Austrian Bürgerkarte or a SuisseID. Organisations can thereby ensure that the person logging in to access a personnel file is indeed the one he or she claims to be.
The Fabasoft Personnel File is one of the leading solutions for the central, digital and consistent processing of personnel files. It allows organisations to define precisely who may access which data held in a particular personnel file and guarantees uncompromising protection of personal data on the highest levels of certified European security. So far, Fabasoft has for example been the only European Cloud provider to be awarded the C5 attestation issued by the German Federal Office for Information Security (BSI).
Easy management of access rights
Personnel file archives are high-security online working areas where HR managers can read, edit or delete documents according to their access rights. These rights are centrally managed by authorised administrators on the basis of roles.
Virtual time travel
Thanks to the Fabasoft “Time travel” function, the Fabasoft Personnel File ensures that the entire life cycle of a document is continually logged. From the creation of a document up until its deletion, every access and modification is recorded.
Auditing fit for inspection
Every time a document or a personnel file is accessed, the auditing function creates an entry in its logging system. Besides changes to the properties, it also indicates when a document was read and by which user.
The Fabasoft Personnel File offers yet another added value to HR departments. Because employees and managers can be granted access to documents, they no longer have to come to the personnel office in person. This in turn dramatically reduces interruptions from colleague requests there. How does this work?
Self-service is available for specific areas and documents of the personnel files to allow for an easy way of retrieving information. It enables employees to examine their personnel files quickly and regardless of time and place. In addition, documents (e.g. salary statements) can be delivered digitally. Employees confirm receipt via an automated workflow in the Fabasoft Personnel File. As a result, the workload of the HR department is considerably reduced. The time it gains can be used for important tasks such as strategic personnel work, recruiting or HR analytics. Moreover, traceable documentation shows which employees have not yet finished such processes.
The Fabasoft Personnel File ensures that you meet GDPR’s basic principle of integrity and confidentiality and allows your employees to have more time for value-adding personnel work.