GDPR has arrived and it affects every business in the UK. timeware® 2018 sees the introduction of the GDPR control which will assist companies to work within the data protection rules.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
What does this mean for a company using a timeware® workforce management system?
Before your upgrade, a timeware® technician will discuss your company’s GDPR policy with your GDPR data controller.
This meeting will cover two main areas:
- The way in which timeware® (UK) Ltd handles your company data which in turn will impact on the way our support team provides certain types of service.
For example, your business may require that timeware® never removes personal data from site. This information must be recorded against your SLA notes to ensure we do not create an environment where a personal data breach could occur
- The processing of personal data stored within the timeware® application. We will identify any personal information fields within timeware® that do not need to be recorded and take steps to ensure that they are made invisible. We will also discuss how long certain information needs to be kept by the company for people classed as employed or as a leaver. We will then create a series of GDPR housekeeping scripts that will ensure these rules are upheld.
Please note that timeware® will never delete any personal data. We think it is much safer that timeware® operates within your data controller’s policies and highlights data that requires deletion. This will always be completed by your data controller and is fully audited.
Some example GDPR housekeeping scripts:
- If timeware® is not being using as the primary HR system do not allow address information to be recorded.
- If timeware® is not being using as the primary HR system do not allow National Insurance data to be recorded.
- When an employee leaves the company, remove their biometric data within 24 hours.
- When an employee leaves the company, remove all records of their future holidays and medical appointments within 24 hours.
- When an employee leaves the company, delete all passwords to the timeware® app’, the TWC and the ESS within 24 hours.
- When an employee has left the company and after the statutory period, remove all attendance and absence information and personal data.