Today, employers need to stay vigilant about HR data privacy compliance to avoid penalties, fees, or even legal action.
From Social Security numbers (SSNs) to salary details, background checks, and health care and retirement plans, there’s a lot to safeguard.
For CIOs, that means rethinking every HR administrative process that involves employee data, right from the hiring stage.
In this blog post, we’ll show you SIX ways to protect employee data and improve HR data privacy compliance in Google Workspace.
How to protect employee data in Google Workspace?
1. Create separate organisational units (OUs)
Create separate OUs across your Google Workspace domain to separate users who manage private employee data and users who don’t.
Let’s explore that in an HR setting:
Your HR department manages personal/sensitive employee data, but only a subset of your HR users actually need access to such sensitive data.
For that, you need to configure a separate HR OU for these users, with the security settings outlined below configured appropriately.
*Read more on how the organizational structure works here.
2. Ensure only approved access to sensitive Drive content
Make sure the right employees have the right level of access to employee data.
After creating separate OUs, you need to review who has what Drive access levels to files and folders that contain private employee data.
In Google Workspace that means:
- Building the right Shared Drive structure for your HR teams from the ground up.
- Securing access rights to folders that contain private employee data.
- Reviewing file sharing exposure regularly for files that contain sensitive employee data (and auditing how they’re being shared across your domain).
Rule of thumb: Only those who truly need private employee data should be able to access it (that applies to outside vendors, too!).
3. Streamline data retention schedules for leaving Google users
How (and when) you handle the private data of leavers in Google Workspace is pivotal.
Establishing a workflow for data retention minimizes compliance risks and makes things way easier for HR teams.
In Google Workspace, that means sticking to a timely workflow that covers the following areas:
- Drive: Quickly filtering HR Drive files that contain private data belonging to a departing employee.
- Gmail: Identifying HR emails that contain private data belonging to that employee. This covers emails sent from their private email address before they joined the company, as well as their company emails.
- Calendar: Checking and clearing HR Calendar resources containing any private data associated with leavers.
Note: Restrictions on how long an employer can keep private employee data of leavers on record vary from one country to another.
*BONUS: Data Subject Access Requests (DSAR) in Google Workspace
This workflow will also help you handle any DSAR requests more efficiently by covering all essential bases in Google Workspace.
4. Track who accessed which content in Google Workspace
For compliance reasons, you need to understand who accessed which content, and when.
This keeps you covered when data compliance claims are made and you need to investigate further to understand (and prove) what actually happened.
5. Report on sensitive content in real time
Time is of the essence when it comes to HR data privacy compliance.
Your data breach response plan needs to be spot on. That requires ongoing data auditing and analysis measures to stay on top of everything 24/7.
Review and update your current plan for Google Workspace and make sure you:
- Beat the clock with real-time alerts for sensitive employee documents in your domain.
- Configure daily/weekly DLP reports for private employee files in Google Drive.
- Set up an alert every time anyone in the domain downloads a certain number of files from your domain or sends x number of emails outside the domain to any given domain or email address.
- Have the ability to run a domain-wide live content search of Drive files and emails to look for any sensitive information being accessed or shared by any unauthorized user.
That way, if a data breach does occur, you’ll get instantly notified and can ACT FAST.
*Get granular with Drive DLP Regex Alert rules for PII (personally identifiable information) using GAT+.
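The threshold alerts in the list above can be sketched as follows. This is an added example, not code from GAT+ or Google Workspace; the event layout, user names, thresholds and the function names `download_bursts` and `external_mail_counts` are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, user, action, target).
# Simplified layout for illustration, not a Google Workspace log schema.
EVENTS = [
    ("2024-05-01T09:00:00", "ana@example.com", "download", "hr/payroll.xlsx"),
    ("2024-05-01T09:02:00", "ana@example.com", "download", "hr/contracts.pdf"),
    ("2024-05-01T09:04:00", "ana@example.com", "download", "hr/reviews.docx"),
    ("2024-05-01T09:06:00", "ana@example.com", "download", "hr/benefits.csv"),
    ("2024-05-01T09:00:00", "ben@example.com", "download", "hr/policy.pdf"),
    ("2024-05-01T11:00:00", "ben@example.com", "download", "hr/handbook.pdf"),
    ("2024-05-01T11:05:00", "ben@example.com", "email", "x@partner.test"),
    ("2024-05-01T11:06:00", "ben@example.com", "email", "y@partner.test"),
    ("2024-05-01T11:07:00", "ben@example.com", "email", "x@partner.test"),
    ("2024-05-01T11:08:00", "ana@example.com", "email", "hr@example.com"),
]

def download_bursts(events, limit=3, window=timedelta(minutes=10)):
    """Map each user to the time they first exceeded `limit` downloads
    inside any sliding `window`."""
    recent = defaultdict(deque)   # per-user download times still in window
    alerts = {}
    for ts, user, action, _target in sorted(events):
        if action != "download":
            continue
        now = datetime.fromisoformat(ts)
        queue = recent[user]
        queue.append(now)
        while now - queue[0] > window:   # drop downloads older than the window
            queue.popleft()
        if len(queue) > limit and user not in alerts:
            alerts[user] = now
    return alerts

def external_mail_counts(events, own_domain="example.com", limit=2):
    """Map (sender, recipient domain) to the email count, keeping only
    outside domains that received more than `limit` emails."""
    counts = defaultdict(int)
    for _ts, user, action, target in events:
        if action == "email":
            domain = target.rsplit("@", 1)[-1].lower()
            if domain != own_domain:     # internal mail is not counted
                counts[(user, domain)] += 1
    return {key: n for key, n in counts.items() if n > limit}
```

The sliding window is what separates a burst of four downloads in six minutes from the same number spread over a working day, which a plain daily count would treat identically.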
6. Allow employees to easily correct and/or delete their personal information
Don’t forget the ‘right to rectify’.
In Google Workspace, that translates into:
- Establishing a friendly Drive workflow that allows each individual employee to easily view and amend his/her private data at any time.
- Deploying powerful filtering across your domain to find ALL private data on record for any employee fast.
Important note 💡
Make sure HR employees have a clear understanding of your organisation’s employee data privacy compliance and governance requirements under GDPR, or any other data privacy laws.
That’ll help you identify which data needs to be protected and align your Google Workspace environment accordingly.
Well that’s it from us today — we hope you’ve found this piece useful and stay tuned for more content on managing HR operations in Google Workspace.
To learn more about how GAT for HR covers your data privacy compliance needs and beyond in Google Workspace click here.