From Social Security numbers (SSNs) to salary details, background checks, health care and retirement plans and more — employers today store and process huge amounts of private employee data.
That’s why employers need to fully ensure HR data privacy compliance to avoid penalties, fees, or even legal action.
For chief information officers (CIOs), that means rethinking every HR administrative process that involves employee data, right from the hiring stage.
In this blog post we’ll show you SIX ways to protect employee data and improve HR data privacy compliance in Google Workspace, so tune in!
6 WAYS TO IMPROVE HR DATA PRIVACY COMPLIANCE IN GOOGLE WORKSPACE
1. CREATE SEPARATE ORGANISATION UNITS (OUs)
Create separate OUs across your Google Workspace domain to separate users who manage private employee data and users who don’t.
Let’s explore that in an HR setting:
Your HR department manages personal/sensitive employee data, but only a subset of your HR users actually need access to such sensitive data.
Here you need to configure a separate HR OU for these users, with the security settings outlined in the following points configured appropriately.
*Read more on how the organizational structure works here.
2. ENSURE ONLY APPROVED ACCESS TO SENSITIVE DRIVE CONTENT
Rule of thumb: Only those who truly need private employee data should be able to access it.
After creating your separate OUs, you need to know who has which Drive access level to the files and folders that contain private employee data.
Make sure the right employees (and third-party vendors) have just the right level of access to employee data.
In Google Workspace that means:
- Building the right Shared Drive structure for your HR teams from the ground up.
- Securing access rights to folders that contain private employee data.
- Reviewing file sharing exposure regularly for files that contain sensitive employee data (and auditing how they’re being shared across your domain).
3. STREAMLINE DATA RETENTION SCHEDULES FOR LEAVING GOOGLE USERS
How (and when) you handle the private data of leavers in Google Workspace is pivotal.
Establishing a workflow for data retention minimizes compliance risks and makes things way easier for HR teams.
In Google Workspace that means sticking to a timely offboarding workflow that covers the following areas:
- Drive: Quickly filtering HR Drive files that contain private data belonging to a departing employee.
- Gmail: Identifying HR emails that contain private data belonging to that employee (both emails sent from their private address before they joined the company and their company emails).
- Calendar: Clearing Calendar resources of any private data associated with leavers.
Note: Restrictions on how long an employer can keep private employee data of leavers on record vary from one country to another.
DATA SUBJECT ACCESS REQUESTS (DSAR) IN GOOGLE WORKSPACE
This workflow will also help you handle any DSARs more efficiently by covering all essential bases in Google Workspace.
4. TRACK WHO ACCESSED WHICH CONTENT IN GOOGLE WORKSPACE
For compliance reasons, you need to understand who accessed which content, and when.
This has your back when data compliance claims are made and you need to investigate further to understand (and prove) what actually happened.
5. REPORT ON SENSITIVE CONTENT IN REAL TIME
Time is of the essence when it comes to HR data privacy compliance.
Your data breach response plan needs to be spot on. This requires ongoing data auditing and analysis measures to stay on top of everything 24/7.
Review and update your current plan for Google Workspace and make sure you:
- Beat the clock with real-time alerts for sensitive employee documents in your domain.
- Configure daily/weekly DLP reports for private employee files in Google Drive.
- Set up an alert every time anyone in the domain downloads a certain number of files from your domain or sends x number of emails outside to any given domain or email address.
- Have the ability to run a domain-wide live search of Drive file and email content to look for any sensitive information being accessed or shared by any unauthorized user.
This way, even if a data breach does occur, you’ll get instantly notified and can ACT FAST.
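The download-count alert from the list above, sketched as an added example (not code from this post or from any vendor tool). The event tuples, the threshold of 5 files and the 10-minute window are assumptions chosen for illustration; real events would come from your Drive audit log export.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def _burst(user, doc_prefix, start, n, step_min, same_doc=False):
    """Build n constructed download events for one user, step_min minutes apart."""
    t0 = datetime.fromisoformat(start)
    return [((t0 + timedelta(minutes=i * step_min)).isoformat(), user, "download",
             doc_prefix if same_doc else f"{doc_prefix}-{i}") for i in range(n)]

# Constructed sample events (timestamp, actor, action, file id); not real audit data.
EVENTS = (
    _burst("alice@example.com", "hr", "2024-03-01T09:00:00", 5, 40)  # 5 files over ~3 hours
    + _burst("bob@example.com", "hr", "2024-03-01T10:00:00", 5, 1)   # 5 files in 4 minutes
    + _burst("carol@example.com", "hr-9", "2024-03-01T10:00:00", 6, 1, same_doc=True)
    + [("2024-03-01T10:02:30", "bob@example.com", "view", "hr-7")]   # not a download
)

def bulk_download_alerts(events, threshold=5, window=timedelta(minutes=10)):
    """Alert once per user when distinct files downloaded within `window` reach `threshold`.

    Returns a list of (user, timestamp_of_triggering_event, distinct_file_count).
    """
    recent = defaultdict(deque)   # user -> (time, file id) pairs still inside the window
    alerted = set()
    alerts = []
    for ts, user, action, doc in sorted(events):   # ISO timestamps sort chronologically
        if action != "download":
            continue
        now = datetime.fromisoformat(ts)
        queue = recent[user]
        queue.append((now, doc))
        while now - queue[0][0] > window:          # evict events older than the window
            queue.popleft()
        # Count distinct files so repeated downloads of one file do not trigger.
        distinct = len({d for _, d in queue})
        if distinct >= threshold and user not in alerted:
            alerted.add(user)
            alerts.append((user, ts, distinct))
    return alerts

if __name__ == "__main__":
    for user, ts, count in bulk_download_alerts(EVENTS):
        print(f"ALERT {ts} {user} downloaded {count} distinct files within the window")
```

Counting distinct files rather than raw events keeps a user who re-downloads one document from tripping the rule, while a slow drip spread over hours stays below it by design; tune the window to your own baseline.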
*Get granular with Drive DLP Regex Alert rules for PII (personally identifiable information) using GAT+.
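What a regex-based PII rule for SSNs has to get right, as an added example (not a GAT+ rule and not code from this post). It uses Python's `re` syntax, which is an assumption; the regex dialect of your DLP tool may differ, and the sample text is constructed.

```python
import re

# Candidate: 3-2-4 digits, the same separator (dash, space or none) in both
# positions, and no digit directly before or after (avoids matching inside
# longer numbers such as order ids).
SSN_CANDIDATE = re.compile(r"(?<!\d)(\d{3})([- ]?)(\d{2})\2(\d{4})(?!\d)")

def find_ssns(text):
    """Return (offset, masked_value) for each structurally valid SSN in text.

    Structural rules: area is not 000, 666 or 9xx; group is not 00;
    serial is not 0000. Only the last four digits are returned, so the
    alert itself does not become a second copy of the PII.
    """
    hits = []
    for match in SSN_CANDIDATE.finditer(text):
        area, _sep, group, serial = match.groups()
        if area in ("000", "666") or area.startswith("9"):
            continue
        if group == "00" or serial == "0000":
            continue
        hits.append((match.start(), "***-**-" + serial))
    return hits

# Constructed sample text. The two accepted values are publicly documented
# specimen numbers (a wallet insert and an SSA pamphlet), used here so the
# positive cases are not a live person's number.
SAMPLE = (
    "Payroll note: SSN 078-05-1120 confirmed. "
    "Rejected: 000-12-3456, 666-12-3456, 912-34-5678, 123-00-4567, 123-45-0000. "
    "Not SSNs: phone 555-0142, order 1234567890123, mixed 123-45 6789. "
    "Spaced form 219 09 9999 also counts."
)

if __name__ == "__main__":
    for offset, masked in find_ssns(SAMPLE):
        print(f"possible SSN at offset {offset}: {masked}")
```

A bare `\d{3}-\d{2}-\d{4}` pattern would flag all of the rejected values above; the structural checks are what keep daily or weekly DLP reports readable.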
6. ALLOW EMPLOYEES TO EASILY CORRECT OR DELETE THEIR PRIVATE INFORMATION
Don’t forget the ‘right to rectify’.
In Google Workspace, that translates to:
- Establishing a friendly Drive workflow that allows each individual employee to easily view and amend his/her private data at any time.
- Deploying powerful filtering across your domain to find ALL private data on record for any employee fast.
Important note 💡
Make sure HR employees have a clear understanding of your organisation’s employee data privacy compliance and governance requirements under GDPR, or any other data privacy laws.
That’ll help you identify which data needs to be protected and align your Google Workspace environment accordingly.