Personal Data Protection
Why is personal data protection so important, we can consider it from two points of view. From the employee’s point of view, it is necessary to pay attention first of all to the need to ensure the security of these data. A leak of personal data can lead to serious consequences, not only financial but also social, for example, if health data is disclosed. From the entrepreneur’s point of view, it is necessary to remember the consequences related to processing personal data in a manner inconsistent with the law.
The GDPR foresees severe financial penalties in the event of a leak, even up to 20 million EUR or 4% of annual revenue.
VPN in the protection of an employee’s personal data
Today, when talking about data protection, especially in the era of remote or hybrid work, VPN is often mentioned. Virtual Private Network (VPN) is a type of network that provides encryption for all data leaving our terminals – for example, our computer to the internet. This is because all data leaving the computer connected to the internet first goes through VPN servers. It looks as if the user has been virtually transported to another place. Using VPN therefore secures our connection to the employer’s resources on the network, increasing the security of the data transmitted. However, it is important to be aware that using VPN will not erase all traces of access to the employer’s data.
Data retention policy in the data protection process
Data retention policy in the data protection process is a key element of a company’s security is the data retention policy. It defines procedures for determining the time of processing for the purpose of carrying out existing business processes. The main objective and the greatest advantage of data retention is to reduce the risk of its potential disclosure.
Tools ensuring the privacy of an employee’s personal data:
- Assigning appropriate permissions to selected HR administrators
- Enabling the creation of retention policies
- Automated data deletion or anonymization
- Automated process termination or initiation of “ad-hoc” retention with reminder system for the administrator
- Creating appropriate reports for GDPR inspectors