Most people are aware of data protection and privacy laws in relation to customer data, but are you familiar with your country's regulations on handling staff information?
The EU recently reformed its General Data Protection Regulation introducing some changes to the way companies should store and protect information relating to their staff members. This will effect all EU countries, but many of the provisions serve as best practice in all countries. All companies should, at least, be aware of how they collate, manage and store staff data.
The good news is that your Findmyshift account can help you comply with many of these regulations and best practices without you really having to do anything. With this in mind, here are some tips for managing your employees' data in general, and with Findmyshift.
Only collect and store data that you need
Like customer data, it's generally considered safest not to collect more information about a staff member than you really need. For example, staff profiles on Findmyshift only require you to enter a first name. Other information like email address, date of birth and telephone numbers are not required.
You do have the option to create custom fields for staff profiles which collect more information about staff (e.g. job title or qualifications), but again these are not required. If you do this, it's a good idea to be mindful of whether you really need this data for your company's operation, and if not, you may want to review your decision to collect it.
Limit what data staff can access about each other
If you are collecting sensitive data about your staff and it is relevant to their employment, then be sure to have procedures in place that keep that information private from other staff.
In your Findmyshift account, you have a number of privacy settings you can edit. For example, you can prevent staff from seeing each others' names, shifts, contact details or requests.
As with many aspects of privacy, it's a balance of determining what information you need to run your business whilst protecting staff privacy.
No automated staff rotas
Some online scheduling services provide the option to automate rotas, filling empty shifts automatically. The updated EU regulation suggests that this may infringe employees' privacy if these services didn't give staff the option to opt out of the automated scheduling.
Findmyshift doesn't offer automated scheduling so you don't have to worry about being non-compliant. Instead, you can create templates which you can instantly apply to future weeks if your staff work regularly repeating shifts.
Delete staff data on request
As it states in the updated EU data handling regulation, staff can now request to have data on them deleted when its storage is no longer required, for example, if the staff member has left the company. If you receive such a request you can easily delete a former staff member's profile and information from your Findmyshift schedule.
Staff can be removed from your rota by entering a finish date in their profile. You can also use the delete button on a staff member's profile (under "Show advanced options"), which automatically sets their finish date to the day of the last shift they are scheduled to work on your staff rota. Once the finish date on their profile has passed the staff member will no longer be able to log in to the rota.
Alternatively, anonymise staff data
It's possible that data relating to a staff member who has since left the company could still be relevant for your administration or operations. To ensure that you still keep this data for relevant reports, you should consider anonymising the information, i.e. removing personal identifiers like names and contact details.
It's very easy to anonymise staff information on Findmyshift - all you need to do is replace their name with an staff ID that matches with your employment records.
Be audit ready
Privacy laws in most countries include provisions for audits at short notice. This is why it's important to be on top of your privacy and information handling policies.
Luckily, with a Findmyshift account some of the data they will ask for is readily available in report format. From your reporting dashboard you can view or download reports relating to hours worked by staff, the length of shifts they worked as well as payroll information. You can also use your Findmyshift account as an example of the minimum information you have about your staff.
Keep staff data safe
How you manage and store staff data is just as important as how you handle customer data. You should never share staff data with third parties not involved in the operation of your business or their employment. Needless to say this means not using staff information for marketing purposes or selling their data to another organisation.
When you do need to use third parties and they ask for information about your staff - like Findmyshift does - be sure to check that their privacy policy is respectful of this too. If you can't find a privacy policy on a company's website, then ask them for one before you enter into any agreement with them.
For more information about how we handle your data, take a look at our privacy policy.