Kayley Gaylor: Is data protection still an HR problem?

-

The 25th May 2022 marked four years since GDPR came into full force, forever changing the way we use and understand personal data. You would think the world would have been smarter in processing and storing information by now, yet 2021 has seen a 40 percent increase in GDPR fines issued across the EEA and the UK highlighting that the problem is still fresh, argues Kayley Gaylor.

In the modern world of hybrid and intercontinental work, there are several security issues that organisations commonly face. We rely so heavily on technology to allow us to collaborate, to share information and data and to feel connected to one another, yet it comes with issues. A recent study found 57 percent of employees believe they are more vulnerable to cyberattacks since working remotely. Documents, information and data are now not just stored in the office, but at home, and in the local café or workspace at the gym. The lines of where you can work, who overhears you and who can see a carelessly left screen or document have been significantly blurred.

To add to this, organisations are still lacking correct policies and procedures to ensure data safety. With 82 percent of breaches in 2021 caused by human error, it is evident that HR departments should be leading on cybersecurity and GDPR compliance, not just when onboarding staff but throughout employees’ entire time at an organisation and up until their offboarding period.

So, what can HROs do to ensure correct data protection?

Get our essential weekday HR news and updates.

This field is for validation purposes and should be left unchanged.
Keep up with the latest in HR...
This field is hidden when viewing the form
This field is hidden when viewing the form
Optin_date
This field is hidden when viewing the form

 

Knowledge is power

HR departments must have robust processes and policies in place, ensuring all employees are properly trained. Threat actors – a group of people looking to hack your devices or networks – try to target companies via individuals using corporate routes; quite frequently hackers target individuals that have just started at an organisation and who might not have in-depth knowledge of company’s policies yet, therefore HROs have a responsibility to provide adequate cybersecurity training from the very first day.

It is also very important to explain the difference between personal data and corporate data. As individuals, we resonate more with the question of “what would happen if my personal data is lost?” rather than trying to explain the implications of losing a company’s data only. Phrasing the importance of protecting information from that perspective ensures employees are trained to protect data in general, whether it’s people, financial or sales.

Risk management

Various departments have their own software products they use that collect data, and, with the HR department being no different, the HR technology needs to be integrated within the wider company’s infrastructure. Ask yourselves, where is data stored, how is it being used and which employees are having access to it from which entry points? It might sound quite technical but understanding where your data sits even from an HR perspective is very important for data protection.

It is also exceptionally beneficial to achieving organisational transparency and ensuring the right people have access to the right data. Equally, should a data leak happen, it reduces the amount of time spent identifying the channel through which the hack has happened and allowing for appropriate actions to take place in order to secure information going forward.

The evolution of HR

Throughout the years, HR roles have evolved beyond standard contracts, employee handbooks and grievance management. Today’s HROs have to be experts in wellbeing, employee relations (ER), DE&I, succession and now even cybersecurity, but not every HR leader knows or is able to fully embrace the variety of their roles. In companies where cybersecurity typically falls under the IT department, HROs need to understand their role in data protection too and get proactively involved to keep information safe whilst educating employees.

Cyberthreat activities are maturing with every passing week, and threat actors are becoming more creative in their ways of targeting companies and employees. From phishing emails and vishing (malicious calls to trick you into disclosing personal information) to smishing (malicious SMS with links) and simple password guessing, threat actors are constantly on the lookout to hack businesses. HR leaders need to be at the forefront of this, updating necessary policies and working closely with IT departments and, where necessary, external experts to organise appropriate training.

A company might have the best protection in place, from the most secure firewall to the latest Security Information and Event Management (SIEM) implementation, but, without people knowing what to look out for from a cybersecurity point of view when they receive an email with an attachment or a text message with a malicious link, these systems make no big difference.

The latest Mercer Marsh Benefits (MMB) report showed that 39 percent of UK businesses have been victims of cybersecurity breaches or attacks in the past year, but it’s important not to assume that the responsibility solely lies with the HR department – cybersecurity and data protection should be at the forefront of every employee’s mind, from senior managers to junior members of staff.

But it is HROs, as gatekeepers of enormous levels of information, that need to ensure data protection knowledge is available at all points of employment. In an ideal world, more organisations will start integrating cybersecurity into the HR function as soon as possible.

LACE

Kayley is a Senior HR Technology & People Transformation Manager at LACE Partners, a leading HR and Payroll transformation consultancy. In the past 15 years, she has delivered many global HR improvement and change projects including HR process improvement, outsourcing and centralisation of HR administration to Shared Service Centres.

Recently Kayley has been focusing on leading organisations through the journey of moving to the Cloud to deliver increased value and provide insights, from thinking through the experience and capabilities they need in the next generation of digital people systems, to developing the HR technology roadmap. She’s also been working on building the case for change, facilitating them through deciding on the right systems for the business to maximise the investment in digital enablers and people analytics, how choices made will impact the broader people systems landscape, as well as how the current processes and data will evolve in the Cloud.

Latest news

Lucy Standing: Older workers are back in the centre of the hiring debate – ready to lead the response?

For HR leaders, the argument is simple: the people being filtered out of your hiring process are not past their best.

One in 10 women quit work after pregnancy loss, report finds

Research suggests inconsistent workplace support following pregnancy loss and maternity leave is contributing to resignations and poorer mental wellbeing.

Fear of becoming obsolete grips workers as AI reshapes careers

More than two in five workers worry their skills could become outdated as AI reshapes hiring demands and increases pressure to keep learning.

Ford rehires 350 engineers after AI fails to deliver

Carmaker says veteran engineers have helped improve quality, mentor younger staff and retrain AI systems after automated checks fell short.
- Advertisement -

Low harassment reporting may hide workplace misconduct, employers warned

Low workplace harassment reporting rates may reflect a lack of trust in reporting systems rather than an absence of misconduct, new research suggests.

Jennifer Liston-Smith joins Halo Workplace Nurseries board

HRreview columnist Jennifer Liston-Smith has joined Halo Workplace Nurseries as chief purpose officer to help develop its workplace nursery compliance platform.

Must read

Holding the upper hand when exiting senior employees

In the current economic climate, employers will have to take some tough and often emotional decisions regarding the current and future value to their business of some of their long standing senior employees. Harmajinder Hayre, Partner in the Employment Team at law firm Ward Hadaway explains more.

Levelling the caring field: Equal Lives

Jennifer Liston-Smith, Director and Head of Coaching & Consultancy at My Family Care, discusses the recent Equal Lives survey report from Business in the Community.
- Advertisement -

You might also likeRELATED
Recommended to you