
6 Ways to Improve HR Data Privacy Compliance in Google Workspace


From Social Security numbers (SSNs) to salary details, background checks, health care and retirement plans, and more — employers today store and process huge amounts of private employee data. That’s why employers need to fully ensure HR data privacy compliance to avoid penalties, fees, or even legal action. 

For Chief Information Officers (CIOs), that means rethinking every HR administrative process that involves employee data, right from the hiring stage.

In this blog post, we’ll show you SIX ways to protect employee data and improve HR data privacy compliance in Google Workspace, so tune in!

 


6 WAYS TO IMPROVE HR DATA PRIVACY COMPLIANCE IN GOOGLE WORKSPACE

 

1. CREATE SEPARATE ORGANISATION UNITS (OUs)

Create separate OUs across your Google Workspace domain to separate users who manage private employee data and users who don’t. 

Let’s explore that in an HR setting:

Your HR department manages personal/sensitive employee data, but only a subset of your HR users actually need access to such sensitive data.

Here you need to configure a separate HR OU for these users with the security settings outlined in the subsequent points configured appropriately. 

*Read more on how the organizational structure works here.

 

2. ENSURE ONLY APPROVED ACCESS TO SENSITIVE DRIVE CONTENT 

Rule of thumb: Only those who truly need private employee data should be able to access it.

After creating your separate OUs, you need to know who has what Drive access levels to files and folders that contain private employee data.

Make sure the right employees (and third-party vendors) have just the right level of access to employee data.

In Google Workspace that means:

  • Building the right Shared Drive structure for your HR teams from the ground up.
  • Securing access rights to folders that contain private employee data.
  • Reviewing file sharing exposure regularly for files that contain sensitive employee data (and auditing how they’re being shared across your domain). 

 

3. STREAMLINE DATA RETENTION SCHEDULES FOR LEAVING GOOGLE USERS

How (and when) you handle the private data of leavers in Google Workspace is pivotal. 

Establishing a workflow for data retention minimizes compliance risks and makes things way easier for HR teams.

In Google Workspace that means sticking to a timely offboarding workflow that covers the following areas:

Note: Restrictions on how long an employer can keep private employee data of leavers on record vary from one country to another.

DATA SUBJECT ACCESS REQUESTS (DSAR) IN GOOGLE WORKSPACE

This workflow will also help you handle any DSAR requests more efficiently by covering all essential bases in Google Workspace.

 

4. TRACK WHO ACCESSED WHICH CONTENT IN GOOGLE WORKSPACE

You need to understand who accessed which content and when for compliance reasons. 

This covers you when data compliance claims are made and you need to investigate further to understand (and prove) what actually happened.


 

 

5. REPORT ON SENSITIVE CONTENT IN REAL-TIME 

Time is of the essence when it comes to HR data privacy compliance. 

Your data breach response plan needs to be spot on. This requires ongoing data auditing and analysis measures to stay on top of everything 24/7.

Review and update your current plan for Google Workspace and make sure you:

  • Beat the clock with real-time alerts for sensitive employee documents in your domain.
  • Configure daily/weekly DLP reports for private employee files in Google Drive.
  • Set up an alert every time anyone in the domain downloads a certain number of files from your domain or sends x number of emails to any given outside domain or email address.
  • Have the ability to run a domain-wide live search of Drive files and email content to look for any sensitive information being accessed or shared by any unauthorized user.

This way, even if a data breach does occur, you’ll get notified instantly and can ACT FAST.

*Get granular with Drive DLP Regex Alert rules for PII (personally identifiable information) using GAT+.
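
The download-count alert and PII regex rule described above, sketched as an added example (this is not GAT+ rule syntax and not Google's audit log format). The event tuples are constructed sample data, and `find_ssns` and `bulk_download_alerts` are hypothetical names.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# SSN-shaped strings: 3-2-4 digits, skipping ranges that are never issued
# (area 000/666/9xx, group 00, serial 0000) to cut false positives.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

# Constructed sample events: (ISO time, user, action, file name).
EVENTS = [
    ("2024-03-01T09:00:00", "alice@example.com", "download", "payroll_q1.xlsx"),
    ("2024-03-01T09:01:00", "bob@example.com", "view", "handbook.pdf"),
    ("2024-03-01T09:02:00", "alice@example.com", "download", "benefits.csv"),
    ("2024-03-01T09:03:00", "alice@example.com", "download", "contracts.zip"),
    ("2024-03-01T11:00:00", "bob@example.com", "download", "handbook.pdf"),
]

def find_ssns(text):
    """Return every SSN-shaped string in a document's text."""
    return SSN_RE.findall(text)

def bulk_download_alerts(events, limit=3, window=timedelta(minutes=10)):
    """Alert when one user reaches `limit` downloads inside `window`."""
    recent = defaultdict(deque)  # user -> download times still in the window
    alerts = []
    for ts, user, action, _file in sorted(events):
        if action != "download":
            continue
        now = datetime.fromisoformat(ts)
        times = recent[user]
        times.append(now)
        # Drop downloads that have aged out of the sliding window.
        while now - times[0] > window:
            times.popleft()
        if len(times) >= limit:
            alerts.append((user, ts, len(times)))
            times.clear()  # one alert per burst, not one per extra file
    return alerts

if __name__ == "__main__":
    print(find_ssns("Employee SSN: 123-45-6789, ref 000-12-3456"))
    for alert in bulk_download_alerts(EVENTS):
        print("ALERT", alert)
```

Tune `limit` and `window` against normal HR activity before alerting on them, since payroll runs and onboarding batches produce legitimate download bursts.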

 

6. ALLOW EMPLOYEES TO EASILY CORRECT/OR DELETE THEIR PRIVATE INFORMATION

Don’t forget the ‘Right to rectify’.

When it comes to GDPR for HR (or other data protection laws), it’s important to remember employees also have the right to access, obtain, rectify, and request the deletion of their personal data.

Which in Google Workspace translates to:

  • Establishing a friendly Drive workflow that allows each individual employee to easily view and amend his/her private data at any time.
  • Deploying powerful filtering across your domain to find ALL private data on record for any employee fast.

 

Important note 💡

Make sure HR employees have a clear understanding of your organization’s employee data privacy compliance and government requirements under GDPR, or any other data privacy laws.

That’ll help you identify which data needs to be protected and align your Google Workspace environment accordingly.
