Cybersecurity is a huge problem that has increased dramatically in just the last few years. By some estimates, cyber theft costs organizations around $450 billion worldwide. The latest Hiscox Cyber Readiness Report advises that more than half of companies are ill-prepared to deal with an attack on their data, and only around a third rated themselves as experts in cyber-crime prevention and readiness.
In the spring of 2017, the General Data Protection Regulation (GDPR) was quietly rolled out by the EU to set the foundation for improved personal data security.
While some organizations already had measures in place to deal with the updated regulations, many are still in the process of ensuring that employee personal data is properly managed by the May 2018 deadline.
What does GDPR cover?
The whole notion of data security runs deep in most organizations; however, many do not adequately consider the many layers where data is gathered, stored, used, and shared. Even with employee education, information theft is so rampant that the chances of being caught in a data breach are very high.
The GDPR is an update to previous guidelines concerning operational and human resource information management, and it’s long overdue.
It covers individual data, giving added protections and control over personal information to consumers. This is a new initiative that all organizations worldwide need to be mindful of, particularly those that have businesses in the EU or do business with companies in this region.
GDPR essentially replaces the Data Protection Directive (Directive 95/46/EC) from 1995, a time when international data theft was not considered a threat. Companies now have less than a year to evaluate and correct how they gather, use, store, and share data, including the portability of that data.
How employee engagement connects with the GDPR
When one thinks of data security and employee engagement, it can, at first, be difficult to see the correlation. They seem like two very different aspects of doing business. But the truth is, they are actually connected in some interesting ways.
Years ago, employee engagement didn’t matter all that much to organizations. Or at least it wasn't specifically understood or tracked.
People were asked to fill out a paper survey or an online form once a year to rate their jobs and share feedback. It wasn't exactly high tech, nor was it secure. Engagement wasn't something that was talked about or focused on like it is today.
If employees showed up and did the work, they earned a pay cheque and that was it. Employees who became disenfranchised eventually just quit.
Today, however, organizations understand just how critical employee engagement is. Not only is it important for day-to-day productivity, it is also crucial for employee retention.
After all, we are seeing global skill shortages in the job market like never before, so we cannot afford to lose an employee due to lack of engagement.
Smart companies have invested in real-time employee engagement solutions that gather regular feedback from employees. This gives them metrics they can use to measure the effectiveness of their culture, team building, and recruitment efforts, which is especially useful during organizational change.
By using employee engagement software, a company is tapping into highly sensitive information. Employees may be sharing everything from their daily moods to how they relate to their boss. Therefore, this is data that requires protecting under the GDPR because it is so personal in nature.
How can companies using employee engagement products comply with GDPR?
There are several ways to make sure that your employee engagement solution is in line with GDPR mandates. First, decide why information like this is valuable to your business and how it will be used.
While it does come from employees, they have the right to either opt in or out from sharing this data. Once they do decide to participate, the data becomes the responsibility of the company.
Second, understand how cloud data is managed by your employee engagement vendor. In order to meet the regulations of GDPR, all data must be stored on native EU servers using the highest levels of security.
Don’t be fooled by companies using cheaper overseas servers to store data. You don’t know how it could be used (for marketing for example).
Lastly, have a secure sign-on system for those using the employee engagement and feedback products. This requires a username and employee-defined password, giving employees greater control over who accesses this information.
On the administrative side, only those who need this data should be given access, and even that access should be very limited and locked behind the same sign-on methods.
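As an added illustration (not code from the original post or from any engagement vendor), the following Python sketch models the three measures above: opt-in consent before any feedback is stored, an EU-only storage region check, and a sign-on with an employee-defined password behind which only the employee or a need-to-know role can read the data. The region names and the `hr_analyst` role are constructed placeholders.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Constructed placeholder region labels standing in for "native EU servers".
ALLOWED_REGIONS = {"eu-west", "eu-central"}
PBKDF2_ROUNDS = 200_000


@dataclass
class Employee:
    username: str
    salt: bytes
    pw_hash: bytes
    roles: set = field(default_factory=set)
    consented: bool = False  # GDPR opt-in; default is no consent


class EngagementStore:
    def __init__(self, region: str):
        if region not in ALLOWED_REGIONS:
            raise ValueError(f"engagement data must stay on EU servers, got {region!r}")
        self.region = region
        self.users: dict[str, Employee] = {}
        self.feedback: dict[str, list] = {}  # username -> feedback entries

    def register(self, username: str, password: str, roles=()):
        # The employee chooses the password; only a salted PBKDF2 hash is kept.
        salt = os.urandom(16)
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self.users[username] = Employee(username, salt, pw_hash, set(roles))

    def login(self, username: str, password: str):
        user = self.users.get(username)
        if user is None:
            return None
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), user.salt, PBKDF2_ROUNDS)
        return user if hmac.compare_digest(candidate, user.pw_hash) else None

    def set_consent(self, user: Employee, opt_in: bool):
        user.consented = opt_in
        if not opt_in:  # withdrawal: stop holding what was collected
            self.feedback.pop(user.username, None)

    def submit(self, user: Employee, mood: int, comment: str):
        if not user.consented:
            raise PermissionError("employee has not opted in to sharing feedback")
        self.feedback.setdefault(user.username, []).append({"mood": mood, "comment": comment})

    def read(self, requester: Employee, subject: str):
        # Need-to-know: the employee themselves or an authorised HR role only.
        if requester.username != subject and "hr_analyst" not in requester.roles:
            raise PermissionError(f"{requester.username} may not read {subject}'s feedback")
        return list(self.feedback.get(subject, []))
```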
About David Godden
David is a Director at employee engagement solutions specialists Thymometrics and is responsible for global strategic and product marketing. He is a prolific blogger on HR tech and employee engagement matters.
Prior to Thymometrics, David founded Keynet, helping US tech companies establish a presence in the EU, including Pardot, DocuSign, eTrigue, Baynote and Bronto.
Before this, he founded Keymail, which exclusively represented ExactTarget in the UK. Keymail was wholly acquired by ExactTarget in 2009 as a launch pad for their international expansion.