Share it with your network!
Help your colleagues and friends deepening their knowledge
HR is the guardian of a wealth of personal data
By necessity an HR department collects and treats a considerable set of personal data on present and former employees, and on job applicants. These sensitive data are essential to meet legal obligations, enable transactions between the employer and the employee, and allow the execution of the contract.
1. Data to meet contractual obligations, such as:
- Salaries
- Tax certificates
- Social security
2. Data to enable employees to perform their jobs, e.g.:
- Evaluations
- Assessments
3. Data to meet legal requirements like:
- Social security obligations
- Withholding payroll tax
- Traffic violations with company cars
GDPR also applies for HR data
Long before GDPR arrived, Bisnode’s HR department took great care to treat personal data with the utmost confidentiality and security. Extreme respect for private data is part of the Bisnode DNA. For instance: asking questions or keeping data on personal conviction, nationality, sexual orientation... have always been totally off-limits for Bisnode.
As an international company Bisnode Group wants to bring its internal cross-border sharing of HR data in line with GDPR. That’s why Bisnode took specific measures to fully align HR and GDPR on an international level.
Extra measures we took to fully align HR and GDPR
Bisnode took specific measures to clarify the rights and obligations of its employees and job applicants on an international level, in full compliance with GDPR. We always clearly specify which personal data will be kept and shared for which purposes.
Privacy policy for employees
All Bisnode employees receive a GDPR compliant privacy policy. The policy clearly states how their personal data will be used within HR and within the Bisnode Group.
Biometric data
Bisnode employees who submitted biometric information, e.g. to get access to the data server rooms, will receive an extra privacy guarantee. This document clarifies which biometric data are used for which purposes. It also asks their signed permission to use these biometric data.
Former employees
We need to keep the data of our former employees in view of compliance with certain legal obligations, amongst other regarding pensions. These data have to be stored until their retirement. Bisnode deletes all other personal data that are no longer relevant: e.g. reports, family related data...
Involving the trade unions
Bisnode informs its trade union representatives about the GDPR measures concerning employees. For instance, we tell them which data are passed on to the Sodexo meal voucher service or to our insurance broker. We provide the unions with all the assistance they need to inform and reassure their members.
Persons of trust
The operation of our “persons of trust” program at Bisnode did not require any specific GDPR measures. Their confidential information never reaches the HR department. By engaging a confidential advisor, employees give their councilors their explicit consent to take further measures.
How to make a GDPR risk assessment of (sub)contractors?
That's the subject of part 9 of our special on GDPR reports on Bisnode’s risk assessment procedures.
