The GDPR is Europe’s new data protection law. It applies from 25 May 2018. This blog post by HR software experts Tania Teetz and John Kleeman summarises the challenges and opportunities around the GDPR and data protection that they presented at the HR Open Standards Community Meeting in Bad Nauheim, Germany, in November.
As you may know, the GDPR governs the protection of the personal data of individuals in Europe. It applies to any organization that collects or processes the personal data of individuals in the EU, wherever that organization is based.
And Europe is not the only region changing its data protection rules. Many countries in Asia and Latin America have recently introduced or updated data protection laws, and the Indian Supreme Court recently ruled that privacy is a fundamental right.
So with data protection growing around the world, we spotted four challenges and four opportunities for companies involved in HR technology.
- Guidance Unclear. The GDPR is written as principles and leaves many practical details open. The regulatory authorities are producing guidance, but much of it is not yet available, so organizations have many uncertainties to resolve before the GDPR applies in May 2018.
- Access Requests. It seems unclear in the GDPR how much information within an HR system an applicant or employee can request to see via a subject access request. For example, if someone is rejected for a job, how much can they see about the employer comments on their application or the logic that led to that decision? A guideline on the right to “data portability” exists from the Article 29 Working Party to clarify at least the data that has to be provided when a data subject asks for portable data.
- Backup. Data protection laws typically require deletion of personal data when it is no longer needed or, in some cases, when a data subject requests erasure. But most computer systems keep backup copies of data in case of disaster, and often those backups are write-once (immutable), i.e. cannot easily be modified. So if a record is deleted in the primary system, how do you ensure it is also gone from the backups? There are several approaches. One is to keep the backup retention period short (e.g. 30-60 days) so that every backup, and the deleted record with it, ages out reasonably quickly in any case. Note that the retention that matters is the longest one in the rotation: a monthly or yearly backup set kept for a year leaves the record recoverable for a year, however short the daily retention is.
- Should Vendors Force Compliance? Should HR vendors implement software features that force customers to comply with legislation or should they provide flexibility to allow customers to do what they want, even if that might not be legitimate in some jurisdictions? In most cases the answer will probably be “it depends”, and has to be considered individually per functionality. Many vendors also consider it a good idea to do some risk analysis to accompany this decision.
- Privacy by Design. We all know the value of security by design: successful software companies build security in from day one and make it the default. Privacy by design originated in Canada and for a long time was just an idea, but it has grown and is now required by the GDPR, which calls it data protection by design and by default. Could privacy by design one day be seen as just as crucial as security by design? We suspect many successful vendors will implement data protection by design and default, data minimisation, pseudonymisation and other privacy by design concepts.
- Trusted Advisor or Compliant Vendor? In order to implement compliant systems, HR technology companies gain a lot of knowledge about data protection law, but how much of that can we pass onto our customers? It’s a really fine line to draw – what advice can be given, without giving legal advice. We are not lawyers but there is perhaps an opportunity to be trusted advisers as well as compliant partners or processors.
- Big vs Siloed data. There is a risk that data protection rules will force organizations to “silo” their HR data – keep it within geographical regions, and not get the benefit of “big data” analysis to improve performance. There is an opportunity to innovate to ensure that we can get the benefit of “big data” analysis while still maintaining privacy. It’s worth taking a look at the HR Open Standards Data Protection standard to see if it can help in this area.
- Can Data Protection be a Competitive Advantage? The GDPR requires controllers to choose “expert” data processors, and being knowledgeable and compliant with data protection laws will surely help vendors win and maintain business. More widely, the GDPR and other data protection laws could help the whole HR technology ecosystem by resolving privacy concerns and so encouraging everyone to further trust use of the cloud and technology.
To some extent, everyone has to follow data protection law, but there may be an advantage for companies that have deep knowledge of one country’s laws, or that know and follow the laws of many countries.
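As an added example that is not part of the original post, the following Python models the retention approach described under “Backup” above. It enumerates the backups a constructed two-tier rotation (daily snapshots kept 30 days plus a monthly set kept 365 days; the tier names, intervals, retention periods and dates are all assumptions made for illustration) would produce, lists which backups can still hold a record after it has been deleted from the primary system, and computes the date by which erasure is complete. It goes slightly beyond the text by showing that the longest-retained tier, not the shortest, governs that date.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Tier:
    """One backup set in a rotation, e.g. daily snapshots kept 30 days."""
    name: str
    interval_days: int   # a backup of this tier is taken every N days
    retention_days: int  # each backup is pruned N days after it was taken


@dataclass(frozen=True)
class Backup:
    tier: Tier
    taken: date

    @property
    def expires(self) -> date:
        # The day on which the pruning job is allowed (and required) to remove this copy.
        return self.taken + timedelta(days=self.tier.retention_days)


def schedule(tiers, start, end):
    """Every backup the rotation produces between start and end (inclusive)."""
    out = []
    for tier in tiers:
        day = start
        while day <= end:
            out.append(Backup(tier, day))
            day += timedelta(days=tier.interval_days)
    return sorted(out, key=lambda b: (b.taken, b.tier.name))


def prune(backups, today):
    """Backups whose retention has lapsed as of `today`: the pruning job must delete these."""
    return [b for b in backups if b.expires <= today]


def copies_holding(deleted_on, backups, today):
    """Backups that may still contain a record deleted from the primary on `deleted_on`.

    Worst case: the record was still present in every backup taken on or before
    the deletion day, so any such backup that has not yet been pruned is a
    surviving copy.
    """
    return [b for b in backups if b.taken <= deleted_on and b.expires > today]


def erasure_complete_by(deleted_on, tiers):
    """First date on which no backup can hold the record any more.

    Governed by the LONGEST retention in the rotation, not the shortest: a
    monthly set kept for a year leaves the record recoverable for a year,
    however short the daily retention is.
    """
    longest = max(t.retention_days for t in tiers)
    return deleted_on + timedelta(days=longest)


# Constructed sample rotation (an assumption, not from the original post):
# daily snapshots kept 30 days plus a monthly set kept 365 days, over one year.
DAILY = Tier("daily", interval_days=1, retention_days=30)
MONTHLY = Tier("monthly", interval_days=30, retention_days=365)
ROTATION = (DAILY, MONTHLY)
BACKUPS = schedule(ROTATION, date(2018, 1, 1), date(2018, 12, 31))
DELETED_ON = date(2018, 5, 25)  # constructed deletion date


if __name__ == "__main__":
    daily_only_horizon = erasure_complete_by(DELETED_ON, (DAILY,))
    survivors = copies_holding(DELETED_ON, BACKUPS, daily_only_horizon)
    print(f"On {daily_only_horizon} the daily copies are gone, but "
          f"{len(survivors)} copies still hold the record:",
          sorted({b.tier.name for b in survivors}))
    print("Erasure complete across the whole rotation by",
          erasure_complete_by(DELETED_ON, ROTATION))
    print(f"Backups due for pruning on {DELETED_ON}:", len(prune(BACKUPS, DELETED_ON)))
```

The check a practitioner wants from this is `copies_holding(...)` being empty on the date promised to the data subject; with the sample rotation that date is a year out, not 30 days, which is exactly the trap a short daily retention can hide.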
Tania Teetz is Product Manager at recruitment software vendor milch & zucker (www.milchundzucer.com) and John Kleeman is Executive Director and Founder of assessment management system vendor Questionmark (www.questionmark.com). You can see their full presentation here.
I recently spoke with Martin VanDerSchouw, President and CEO of Looking Glass Development, who will open our Annual Meeting with his timely and transformative keynote on the Common Sense Leader in an Agile World. This keynote is not to be missed!
I wanted to share with you a bit of Martin’s background in performance improvement, business process design, IT planning and implementation, and project management training and give you sneak peek into his opening keynote at the conference.
Here are the highlights:
I recently spoke with Matthew Bailey, President of Pioneering IoT, who is one of the keynotes at our upcoming 2017 Annual Meeting in Denver, Colorado on March 9-10, 2017. You can register here for the conference to hear Matthew’s highly anticipated keynote.
I wanted to take the opportunity to learn more about Matthew, shed some light on what it means to be a global IoT pioneer, and give you a sneak peek into his keynote at the conference.
Here are the highlights:
I recently spoke with Yamini Polisetty, Director of Product Management at SuccessFactors, who is headlining our upcoming European Community Meeting in St. Leon-Rot, Germany on September 15th.
I wanted to take the opportunity to get to know Yamini a little better and ask a few questions about her role at SuccessFactors and her upcoming keynote presentation at the HR Open Community Meeting.
Here’s a snippet of our conversation:
Written by: Romuald Restout
A Quick Look into the Past
Towards the end of the 19th century, electrical engineering became one of the core engines of the second industrial revolution. As Nicholas Carr put it, in “The Big Switch,” manufacturing energy provided factories “with a decisive advantage over other manufacturers. The company was able to expand the yield and efficiency of its factory. […] Like other factories of the time, they were as much in the business of manufacturing energy as manufacturing goods”. This of course, quickly changed, as power plants started to rise and provide energy at a low-cost to everyone.
An aspect that is often overlooked in that story is that none of this could have happened without the emergence of standards.
Written by: Mike Seidle
A good standard is one everyone uses.
Well, duh, right?
While I was on the board of directors for an international standards consortium (HR Open Standards), the biggest battle was always getting developers to use the standard. When we did, we got amazing things to happen, like getting 18 states to start providing compliance receipts for job deliveries in just a few months. Like enabling entire marketplaces.
Nearly everyone who I’m aware of who launched an HR Open initiative has finished quickly for a few reasons:
As a global standards organization, HR-XML has developed most of its specifications for the general population and extended those specifications for country and jurisdictional requirements. The payroll industry is an exciting challenge, as each country, province, state, city, etc. has its own rules, particularly when calculating taxes. For example, Canadian provinces use letters of waiver to authorize tax credits and deductions, the Netherlands has a tax credit for the elderly, and Germany considers bargaining units when calculating taxes.
These and many other requirements must be discussed when developing the standard.
The HR Open Standards Payroll workgroup has been very active in developing standards for a variety of business needs. Our original scope was to focus on transactions between the HRIS as the System of Record and the payroll system. We have recently decided to expand that focus to handle Distributed Systems of Record. Many organizations exchange data with internal or third-party systems and need to provision and sync those systems throughout the employment life cycle. The following diagram shows one scenario we are considering, where each system is its own System of Record.
The final specifications will include a narrative and associated xml instance(s) describing the ‘day in the life of the new hire’. We will also include business rules for each use case to help business analysts and developers with their implementations. We realize there are other environments in addition to the two noted here (HRIS as SOR, Distributed SORs). Most of them are not as common, but we invite you to share other scenarios.
Written by: Romuald Restout
Want to get the latest Florence and the Machine album or the latest “Game of Thrones” episode? There is an app store for that. Want to manage your pictures across all your devices? There is an app store for that. Want to manage your to-do list? There is an app store for that. Want to exchange files with your colleagues or family? There is a … You get the idea.
App stores are convenient; they give you the ability to access all apps in the same virtual place, to browse apps for a particular category or function, and even to discover needs that you didn’t know you had. So it’s no surprise that app stores have become a predominant, if not the main, way for consumers to acquire software or media, whether free or paid. It’s no surprise either that app stores are flourishing or that each social platform is creating its own. The latest to join the party is none other than Facebook.