HR module and GDPR


The HR Module within Claromentis is designed to follow GDPR (The General Data Protection Regulation). GDPR is a regulation in EU law on data protection and privacy for all individual citizens of the European Union and the European Economic Area. It's all about protecting and respecting the privacy of personal data, in this case, employee files and data.


HR Passcode

Access to HR sensitive data is protected by a Passcode in addition to the regular sign-in process. Please note that you can also have Two-factor authentication enabled for added security to the regular sign-in process.

A user will be prompted to set up a HR Passcode upon their first login to the HR system.


Recovery Email

When setting up an HR account for the first time, it is possible for a user to use choose a different email address such as personal email for HR-related recovery passcode. This is to ensure that your personal data is within the user's control and cannot be accessed by IT department personnel who may have access to employee's work email.

Time Out

Upon 10 minutes of inactivity within HR application (on both admin and front-end application), users will be automatically logged out of HR


Database Encryption

HR sensitive SQL database is encrypted using AES-256 public key encryption, It's considered among the top cyphers, meaning in the event of a database leak, sensitive HR data is protected.


HR Files & Document

HR Files and documents are also encrypted prior storing them to the server using RC4 Encryption for added security meaning users with access to the server won't be able to download and read the file on the server directly.

Note: We are aware that there are some reports of vulnerability related to RC4 Encryption and we are currently working on to improve or change it in the near future. It is worth noting that the impact in our use case would be fairly minimal as it is used to provide an extra security level relevant to on-premise deployment.


HR Special Admin

Users with access to the system admin panel do not necessarily have access to HR Admin. It is part of the onboarding process to nominate two users who wish to be granted access to the HR Admin panel.

Minimum 2 admins are required.


Data Retention

To protect user's data after their employment has ended, it is possible to set a disposal schedule of HR Data. For example, HR Records will be permanently destroyed after 5 years from the employment end date. This information is also displayed to the users for complete transparency.


Audit Log

Activity within HR is fully audited within Claromentis Audit system allowing all activity to be tracked for compliance purposes.


HR Training & Awareness

It is possible to create an E-learning course within the learning management system to make sure your employees are aware of GDPR and Data Protection.

Learning Management System


HR Policies

Using the policy manager within Claromentis to share and distribute HR policies. 

Policy Manager Overview




Created on 29 July 2019 by Michael Christian. Last modified on 29 August 2019

Was this helpful?