HR module and GDPR

Overview

The HR Module within Claromentis is designed to follow GDPR (The General Data Protection Regulation). GDPR is a regulation in EU law on data protection and privacy for all individual citizens of the European Union and the European Economic Area. It's all about protecting and respecting the privacy of personal data, in this case, employee files and data.

 

HR Passcode

Access to HR sensitive data is protected by a Passcode in addition to the regular sign-in process. Please note that you can also have Two-factor authentication enabled for added security to the regular sign-in process.

A user will be prompted to set up a HR Passcode upon their first login to the HR system.

 

Recovery Email

When setting up an HR account for the first time, it is possible for a user to use choose a different email address such as personal email for HR-related recovery passcode. This is to ensure that your personal data is within the user's control and cannot be accessed by IT department personnel who may have access to employee's work email.

Time Out

Upon 10 minutes of inactivity within HR application (on both admin and front-end application), users will be automatically logged out of HR

 

Database Encryption

HR sensitive SQL database is encrypted using AES-256 public key encryption, It's considered among the top cyphers, meaning in the event of a database leak, sensitive HR data is protected.

 

HR Files & Document

HR Files and documents are also encrypted prior storing them to the server using RC4 Encryption for added security meaning users with access to the server won't be able to download and read the file on the server directly.

Note: We are aware that there are some reports of vulnerability related to RC4 Encryption and we are currently working on to improve or change it in the near future. It is worth noting that the impact in our use case would be fairly minimal as it is used to provide an extra security level relevant to on-premise deployment.

 

HR Special Admin

Users with access to the system admin panel do not necessarily have access to HR Admin. It is part of the onboarding process to nominate two users who wish to be granted access to the HR Admin panel.

Minimum 2 admins are required.

 

Data Retention

To protect user's data after their employment has ended, it is possible to set a disposal schedule of HR Data. For example, HR Records will be permanently destroyed after 5 years from the employment end date. This information is also displayed to the users for complete transparency.

 

Audit Log

Activity within HR is fully audited within Claromentis Audit system allowing all activity to be tracked for compliance purposes.

 

HR Training & Awareness

It is possible to create an E-learning course within the learning management system to make sure your employees are aware of GDPR and Data Protection.

Learning Management System

 

HR Policies

Using the policy manager within Claromentis to share and distribute HR policies. 

Policy Manager Overview

 

 

 

Last modified on 30 November 2023 by Hannah Door
Created on 30 July 2019 by Michael Christian
hr. gdpr, tool

Was this helpful?  

Share
Search Knowledge Base
Recent Articles
HR tool configuration options Tuesday, 27 July 2021
HR notification settings and reminders Thursday, 22 July 2021
How to add HR tool admins Wednesday, 21 July 2021
How to use the HR tool from the front-end Wednesday, 21 July 2021
How to set HR permissions Wednesday, 21 July 2021