
Today, employers need to stay vigilant about HR data privacy compliance to avoid penalties, fees, or even legal action.

From Social Security numbers (SSNs) to salary details, background checks, health care and retirement plans, there’s a lot to safeguard.

For CIOs, that means rethinking every HR administrative process that involves employee data, right from the hiring stage.

In this blog post we’ll show you SIX ways to protect employee data and improve HR data privacy compliance in Google Workspace.


How to protect employee data in Google Workspace?


1. Create separate organisational units (OUs)

Create separate OUs across your Google Workspace domain to separate users who manage private employee data and users who don’t. 

Let’s explore that in an HR setting:

Your HR department manages personal/sensitive employee data, but only a subset of your HR users actually need access to such sensitive data.

For that, configure a separate HR OU for these users and apply the security settings outlined below to it.

*Read more on how the organizational structure works here.


2. Ensure only approved access to sensitive Drive content

Make sure the right employees have the right level of access to employee data.

After creating separate OUs, you need to review who has what Drive access level to files and folders that contain private employee data.

In Google Workspace that means:

Rule of thumb: Only those who truly need private employee data should be able to access it (that applies to outside vendors, too!).





3. Streamline data retention schedules for leaving Google users

How (and when) you handle the private data of leavers in Google Workspace is pivotal. 

Establishing a workflow for data retention minimizes compliance risks and makes things way easier for HR teams.

In Google Workspace, that means sticking to a timely workflow that covers the following areas:

Note: Restrictions on how long an employer can keep private employee data of leavers on record vary from one country to another.

*BONUS: Data Subject Access Requests (DSAR) in Google Workspace

This workflow will also help you handle any DSAR requests more efficiently by covering all essential bases in Google Workspace.


4. Track who accessed which content in Google Workspace

You need to understand who accessed which content and when for compliance reasons. 

This keeps you covered when data compliance claims are made and you need to investigate further to understand (and prove) what actually happened.




5. Report on sensitive content in real time

Time is of the essence when it comes to HR data privacy compliance.

Your data breach response plan needs to be spot on. That requires ongoing data auditing and analysis measures to stay on top of everything 24/7.

Review and update your current plan for Google Workspace and make sure you:

  • Beat the clock with real-time alerts for sensitive employee documents in your domain.
  • Configure daily/weekly DLP reports for private employee files in Google Drive.
  • Set up an alert every time anyone in the domain downloads a certain number of files from your domain or sends x number of emails outside to any given domain or email address.
  • Have the ability to run a domain-wide live content search across Drive files and emails to look for any sensitive information being accessed or shared by any unauthorized user.

That way if a data breach does occur, you’ll get instantly notified and can ACT FAST. 

*Get granular with Drive DLP Regex Alert rules for PII (personally identifiable information) using GAT+.
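
The download-count alert from the list above, sketched as an added example (not GAT+ or Google code, and not from the original post): a sliding-window check that flags a user who downloads a set number of distinct files in a short period. The event records are constructed, and their field names, the threshold of 5 and the 10-minute window are assumptions to adapt to your own audit export.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def _ev(time, actor, event, doc_id):
    # Constructed record; the field names are assumptions, not a Google schema.
    return {"time": f"2024-03-01T{time}+00:00", "actor": actor,
            "event": event, "doc_id": doc_id}


# Constructed sample data: alice pulls 5 HR files in 4 minutes, bob pulls 5
# over several hours, carol re-downloads one file 6 times.
SAMPLE_EVENTS = (
    [_ev(f"09:0{i}:00", "alice@example.com", "download", f"hr-file-{i}") for i in range(5)]
    + [_ev(f"1{i}:00:00", "bob@example.com", "download", f"hr-file-{i}") for i in range(5)]
    + [_ev(f"11:0{i}:30", "carol@example.com", "download", "hr-file-0") for i in range(6)]
    + [_ev("09:02:30", "alice@example.com", "view", "hr-file-9")]
)


def bulk_download_alerts(events, threshold=5, window=timedelta(minutes=10)):
    """Alert once per actor who downloads `threshold` distinct files within `window`."""
    recent = defaultdict(deque)   # actor -> (timestamp, doc_id) inside the window
    alerted, alerts = set(), []
    parsed = [(datetime.fromisoformat(e["time"]), e) for e in events]
    for ts, ev in sorted(parsed, key=lambda p: p[0]):
        if ev["event"] != "download":
            continue              # views and edits do not count toward the limit
        q = recent[ev["actor"]]
        q.append((ts, ev["doc_id"]))
        while ts - q[0][0] > window:
            q.popleft()           # drop downloads that aged out of the window
        distinct = {doc for _, doc in q}
        if len(distinct) >= threshold and ev["actor"] not in alerted:
            alerted.add(ev["actor"])
            alerts.append({"actor": ev["actor"], "files": len(distinct),
                           "first": q[0][0].isoformat(), "last": ts.isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in bulk_download_alerts(SAMPLE_EVENTS):
        print(alert)
```

Counting distinct files rather than raw events keeps repeated downloads of one document from triggering the alert, and the window keeps slow, routine access below the threshold.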


6. Allow employees to easily correct and/or delete their personal information

Don’t forget the ‘right to rectify’.

When it comes to GDPR for HR (or other data protection laws), it’s important to remember employees also have the right to access, obtain, rectify and request the deletion of their personal data.

In Google Workspace, that translates into:

  • Establishing a friendly Drive workflow that allows each individual employee to easily view and amend his/her private data at any time.
  • Deploying powerful filtering across your domain to find ALL private data on record for any employee fast.


Important note 💡

Make sure HR employees have a clear understanding of your organisation’s employee data privacy compliance and governance requirements under GDPR, or any other data privacy laws.

That’ll help you identify which data needs to be protected and align your Google Workspace environment accordingly.


Well that’s it from us today — we hope you’ve found this piece useful and stay tuned for more content on managing HR operations in Google Workspace.

To learn more about how GAT for HR covers your data privacy compliance needs and beyond in Google Workspace click here.

Thanks for sharing and spreading the word!