Compliance  ·  Spotlight

Data Driven Lives… And Careers

The risks employee personal data pose under GDPR

The risks employee personal data pose under GDPR

Our lives are composed of a series of data points. This morning, I drove 9.8 miles to work and drank 3 cups of coffee. I said “good morning” 7 times. I had 2 meetings and edited 543 words.

Fortunately for the Orwellian prophesiers out there, very little of this data became a business record. Or it wouldn’t have, had I never written this blog. Yet here it is now, a bit of employee data floating out to the world. While your employer probably doesn’t keep a caffeine-consumption database among its employee records, their usage of your personal data may still be cause for concern.

Data Sprawl

With the multitude of forms we complete upon hiring, it’s safe to say that, at a minimum, our employers have a lot of our personal data lying around. At the very least, that information is being used by human resources for payroll, insurance, and a number of other critical staffing functions. But did you know 73% of organizations are also processing employee personal data for analytics purposes? In the Age of Analytics, it’s hardly a surprise.

The issue with analytics comes, not with processing, but with an alarming lack of transparency. Only 23% of IT decision makers are “very confident” their own personal data is being properly managed by their organization. Not only is this a big morale buster, it could also lead to major compliance risk.

Comply with Confidence

Personal data privacy has never received more attention than it has in recent months, with GDPR quickly approaching. Plenty of experts have shared their two cents on the issue of subject access requests (SARs) for customer data, advising organizations to draft new privacy policies and keep better track of customer communications. No organization’s perfect, but many have at least begun to prepare.

But are they also thinking about employee data? Not so much. With less than 6 months to go until GDPR goes into full effect, it’s concerning that 81% of organizations are still not “very confident” they could identify and remediate data on a given employee to comply with an employee SAR. It’s concerning that organizations have such little control over their employees' personal data—EU residents’ or otherwise.

With the depth and breadth of information organizations hold on their employees, complying with GDPR is going to be complicated. To learn more about how employee data is being managed and the compliance risks it poses, check out the full report.

As a content and events specialist at ZL, I work to bring the glamorous allure of information governance to the world. As a native Virginian and temporary Tennessean turned Californian, I’m permanently fascinated by life on the west coast. Although I miss SEC football and four distinct seasons, I’m in love with redwood forests and bubble tea on every corner.