Human Resources Management System (HRMS)
Data protection
is a fundamental right that seeks to protect the intimacy and privacy of
natural persons against violations that may occur due to the collection,
storage and indiscriminate use of their personal data by legal entities. This
protection is an issue that HR departments must take care of, since to carry
out the most common procedures, such as selection, hiring, risk prevention, payroll
we collect numerous personal data.
First of all, I
would like it to be clear that it is a personal data; the Article
3 of Organic Law Data Protection states that it is any, alphabetical,
graphic, photographic, acoustic or any other individuals concerning numerical
information identified or identifiable. On many occasions, the human
resources department must process this personal data that article 5.1.t) of the
RLOPD Regulation as “any operation or technical procedure, whether automated or
not, that allows the collection, recording, conservation, elaboration,
modification, consultation, use, cancellation, blocking or deletion, as well as
data transfers resulting from communications, consultations, interconnections
and transfers ”.
The most
important moments of personal data processing in the HR department are:
In
the Personnel Selection procedures:
The Spanish
Agency for Data Protection recommends having standard forms for the
formalization of the curriculum and a procedure for formalization and delivery
of the same by the candidates, since this allows not only adequately informing
but to precisely define the type of data to be processed, establishing security
measures etc.
If the
curriculum is presented directly by the candidate without having been
requested, information procedures must be established that entail some
acknowledgment or confirmation of knowing the conditions under which the
treatment will take place.
In the
employment contract it is an adequate means to inform the worker regarding the
processing of personal data. But this does not exempt the duty of
information on the processing of personal data that the company decides to
carry out after the birth of the employment relationship.
During
the development of the labor benefit:
There may be
many occasions that may cause a new data protection treatment, such as if a
video surveillance control system is installed, or if a worker joins a union
and the union fee is deducted. It will be necessary to inform the worker of all
changes that affect the processing of personal data.
With
the Workers' Representatives:
In principle,
the duty of information is intended for the affected or interested
party. However, in those treatments that affect the group of workers, it is
highly recommended to provide information prior to their
representation. For example:
In the case of
the development of business controls, controls over Internet browsing, or the
use of controls to record entry, exit or presence at the post.
In
contracting life insurance and pension plans:
On many
occasions, companies and groups of companies constitute life insurance and
pension plans for the benefit of their employees, either on a voluntary basis,
or by virtue of what is agreed in a Collective Agreement.
The Spanish
Agency for Data Protection establishes that it is convenient to precisely
define the procedure for collecting and processing personal data, opting for
the most effective method to guarantee the rights of those affected or
interested. In this sense, from the point of view of a treatment that is
absolutely respectful of the fundamental right, the most appropriate thing may
consist of, after informing the workers, transferring to the insurer, or the
pension plan manager, only the data of the insured or participants in the
pension plan, leaving the development of further procedures in their hands.
Payroll
management outsourcing:
In many
companies, payroll management is entrusted to an advisor or manager, in this
case the company that provides the data to the agency or advisor and must sign
a Treatment Manager contract with him, as indicated in article 12 of the LOPD,
which regulates the relationship between the company and the person in charge
of payroll management. This contract will include its scope, the
obligations that both parties subscribe to and how the personal data of the
workers will be processed
When it is
necessary to collect data of the type included in article 7 of the LOPD,
(religion, health, sexual life, ideology, etc.), it will be necessary to review
the need and proportionality of this type of treatment, granting the maximum
level of protection, except in the exceptional cases provided by law.
Finally, cite
article 10 of the LOPD, which establishes the duty of secrecy for all persons
involved in the processing of data, therefore every person from the Human
Resources department is subject to this duty even after the relationship
between them has ended. to the enterprise.
No comments:
Post a Comment