It's been interesting speaking to our European contacts and finding out about the large amount of work they’ve put in to be GDPR (General Data Protection Regulation) compliant.
Data protection laws changed from May 2018, with more stringent regulation on the use of individual data and higher penalties for non-compliance.
In our own industry, recruiters need to be more transparent about what they’re doing with a candidate’s CV and how personal information is used. In addition, candidates have the ‘right to be forgotten,’ meaning any records right across the organisation need to be deleted (it’s easier now to hold a CV on a central system and give hiring managers access than to duplicate copies).
In parallel, the use of people analytics is increasing quickly (see for example, Deloitte ‘Human Capital Trends’ 2018).
The tools available and the amount of data captured are making this possible. System vendors are having a field day.
Companies are using people analytics to improve their hiring decisions, identify who should be promoted, spot who will be the best sales person and who is likely to leave. They’re better matching employees to roles, measuring productivity and analysing absence. They have more understanding of how diverse the company is and if there is a gender pay gap.
There are even applications that allow companies to monitor the mood of employees, spot fraud and identify which teams are communicating well with each other and where improvements need to be made.
But there are there are clear risks. Data about individuals must be managed and secured properly.
Here are some areas it’s worthwhile thinking about as a starting point:
Are you aware of the basics – do you know exactly where all your people data is, who is using it and why? Which systems is it in? Have you mapped out how people data flows from one system to another?
Are you managing employee perception of how data is used – is this explained in relevant communications such as the staff handbook and policies and are staff updated if there are changes?
Are you monitoring employee opinion on how you use their data? Would this be a worthwhile exercise, particularly as it will increase going forward?
Can third parties access your data (for examples, consultants)? If so, what are the implications?
Is overall data security at optimal levels – has there been a full impact assessment on the controls around the security of the data? How would it appear if there was a subsequent issue and complaint?
Could there be circumstances where the way you use employee data impacts the consumer brand of your company? Is it worthwhile monitoring this and deciding how you’d react if it happened?
Are you using any artificial intelligence or machine learning tools to make decisions about employees? Is there a human element to the decision making to provide assurance?
Are you handling people data from other companies- are you aware of your obligations and are you in line with them?
At EGM we are passionate about the changing world where people and innovation intersect - that why we are proud to be sponsoring the 2018 ELMO South Australia HR Leadership Summit in Adelaide. We hope to join you there to continue the conversation.