As an organisation, we have a legal and ethical obligation to protect the personal information of our employees, including interns, freelancers, and ex-employees. This is similar to our responsibility to safeguard our customers' data, in compliance with data protection laws and regulations.

We often hold special category data for our employees. This could include items such as a passport, which reveals an employee's ethnicity; a background check, which might show past criminal convictions; or biometric data like fingerprints or retina scans used for accessing company resources. All these types of data require an extra level of protection.

When dealing with employee data, it's crucial to ensure that:
- The data is used in a lawful, fair, and transparent way.
- The data is collected only for valid, clearly explained purposes and isn't used in ways incompatible with those purposes.
- The data collected is relevant and limited to what is necessary for those purposes.
- The data is accurate and kept up to date.
- The data is retained only as long as necessary for the purposes it was collected for.
- The data is secured following our technical and organisational security standards.

As the Data Controller, we are responsible for the data security levels of our third-party software providers. If an employee makes a data subject access request, we are responsible for gathering the information held on them by these third-party processors, like our HR software provider. Always be watchful of the security and data protection processes of these providers, and report any substandard practices to your Data Protection Champion.

All team members share the responsibility for protecting the personal information of our customers and other employees.

It's important to only disclose employee information to third parties or individuals who have proper authorisation and a need to know.

For ex-employees, we adhere to our data retention schedule and delete their personal information when required.