3 ways your HR processes might be risking $22,589,000

working remotely

Tasked with managing and protecting personnel records, HR has the huge responsibility of ensuring sensitive information remains secure at all times. Although we tend to think of data breaches as the work of malicious hackers, carelessness and mishandling of these documents are just as likely to be the culprit.

After all, HR departments generate a mountain of data and documents; and although most HR professionals say technology helps them do their jobs, 47 percent of them are still dependent on paper for key tasks such as compensation activities. Manual and paper-based processes in HR are not only inefficient, they also pose a risk to security and compliance.

Stricter privacy regulations—including, perhaps most significantly, the General Data Protection Regulation (GDPR), affecting anyone who touches the data of an EU citizen—mean organizations risk serious consequences for non-compliance. In fact, your organization can face fines of up to €20 million ($22,589,000) or four percent of annual revenue, whichever is the greater of the two.

Here’s just a sample of some of the documentation HR departments need to manage:

  • Benefits
  • Direct deposits
  • I-9s
  • Onboarding
  • Policy updates
  • Reviews
  • Time off requests

Assessing your risk

To determine if your organization’s HR processes pose a risk, ask yourself the following questions:

1. Do you know who’s accessing personnel files and why?

One of the biggest concerns about paper files is there is no record of who is accessing the documents and what they’re doing with them. Even if documents are locked in a file room, there’s simply no guarantee they remain secure. For example, what if someone forgets to lock the door?

Also, when you rely on paper records, there is no record of who has accessed them – posing a significant risk for data breach or theft.

2. Can someone access files they shouldn’t?

With manual records, there is no way to enforce role-based access by users. In other words, to ensure that a manager only has access to files for the employees who work for him or her.

To minimize risk, access to data should be based on the principle of least privilege, which means users should only have the minimum access required to do their jobs.

3. Do you keep records long after you need them?

In the complex world of human resources regulations, how long you hang onto documents matters. GDPR regulations, for example, clearly spell out employees’ right to be forgotten, which means you need procedures in place for deleting data. Audits that uncover non-compliance can come with hefty fines—especially if they are charged per document. And remember, any organization collecting, processing, or using data of EU residents is affected.

With these questions in mind, HR professionals realize that content management isn’t just a nice-to-have; it’s an absolute necessity.

Gaining visibility and staying compliant

But in the last few years, there’s been a huge shift in content management—from self-contained enterprise content management systems to open services. That’s where content services platforms come into play, aggregating content across multiple repositories to connect disparate applications.

The right content services platform provides visibility into the full history of every user who accesses an employee file, so you can see who viewed the document, whether they made edits or amendments, as well as the date and time they accessed it. Using content services also minimizes risk by ensuring only secure, role-based user access to these files.

Additionally, a robust content services platform provides encryption when data is at rest (not actively being used), in transit (moving between servers within the database), and in use (being accessed by authorized users). Documents entered into the system are automatically identified and assigned a record type with appropriate time or event-based retention policies, which ensures documents are purged when required, minimizing compliance risk and removing the burden of records management from HR staff.content services

Focusing on people

From ridding your HR department of paper files, to ensuring the compliance and security of information and processes, a content services platform is an invaluable technological resource. But most importantly, it’s one that lets you focus on your organization’s most valuable resources: People.

And when people are empowered, human resources can claim its place as the dynamic, strategic business partner it’s meant to be.

Not all content services platforms are created equal. To learn more about how the right platform will empower the people in your organization, check out our new ebook, 7 Reasons Your HR Department Needs a Content Services Platform.

Danielle Simer is a marketing portfolio manager at Hyland. Her mission is to share best practices and evangelize the power of enterprise content management (ECM) as a tool to automate paper-based processes and improve operations across accounting and finance, human resources, and contract management. Danielle joined Hyland after more than six years with a research and advisory firm devoted to helping senior executives manage their departments and teams more effectively. She received her bachelor’s degree from The Ohio State University and her MBA from Georgetown University’s McDonough School of Business.
Danielle Simer

Danielle Simer

Danielle Simer is a marketing portfolio manager at Hyland. Her mission is to share best practices and evangelize the power of enterprise content management (ECM) as a tool to automate... read more about: Danielle Simer