Most people are aware of data protection and privacy laws in relation to customer data, but are you familiar with your country's regulations on handling employee information?

The EU recently reformed its General Data Protection Regulation introducing some changes to the way companies should store and protect information relating to their employees. This will effect all EU countries, but many of the provisions serve as best practice in all countries. All companies should, at least, be aware of how they collate, manage and store employee data.

The good news is that your Findmyshift account can help you comply with many of these regulations and best practices without you really having to do anything. With this in mind, here are some tips for managing your employees' data in general, and with Findmyshift.

Only collect and store data that you need

Like customer data, it's generally considered safest not to collect more information about an employee than you really need. For example, employee profiles on Findmyshift only require you to enter a first name. Other information like email address, date of birth and telephone numbers are not required.

You do have the option to create custom fields for employee profiles which collect more information about employees (e.g. job title or qualifications), but again these are not required. If you do this, it's a good idea to be mindful of whether you really need this data for your company's operation, and if not, you may want to review your decision to collect it.

Limit what data employees can access about each other

If you are collecting sensitive data about your employees and it is relevant to their employment, then be sure to have procedures in place that keep that information private from other employees.

In your Findmyshift account, you have a number of privacy settings you can edit. For example, you can prevent employees from seeing each others' names, shifts, contact details or requests.

As with many aspects of privacy, it's a balance of determining what information you need to run your business whilst protecting employee privacy.

No automated employee scheduling

Some online scheduling services provide the option to automate rotas, filling empty shifts automatically. The updated EU regulation suggests that this may infringe employees' privacy if these services didn't give employees the option to opt out of the automated scheduling.

Findmyshift doesn't offer automated scheduling so you don't have to worry about being non-compliant. Instead, you can create templates which you can instantly apply to future weeks if your employees work regularly repeating shifts.

Delete employee data on request

As it states in the updated EU data handling regulation, employees can now request to have data on them deleted when its storage is no longer required, for example, if the employee has left the company. If you receive such a request you can easily delete a former employee's profile and information from your Findmyshift schedule.

Employees can be removed from your rota by entering a finish date in their profile. You can also use the delete button on an employee's profile (under "Show advanced options"), which automatically sets their finish date to the day of the last shift they are scheduled to work on your employee schedule. Once the finish date on their profile has passed the employee will no longer be able to log in to the rota.

Alternatively, anonymize employee data

It's possible that data relating to an employee who has since left the company could still be relevant for your administration or operations. To ensure that you still keep this data for relevant reports, you should consider anonymising the information, i.e. removing personal identifiers like names and contact details.

It's very easy to anonymize employee information on Findmyshift - all you need to do is replace their name with an employee ID that matches with your employment records.

Be audit ready

Privacy laws in most countries include provisions for audits at short notice. This is why it's important to be on top of your privacy and information handling policies.

Luckily, with a Findmyshift account some of the data they will ask for is readily available in report format. From your reporting dashboard you can view or download reports relating to hours worked by employees, the length of shifts they worked as well as payroll information. You can also use your Findmyshift account as an example of the minimum information you have about your employees.

Keep employee data safe

How you manage and store employee data is just as important as how you handle customer data. You should never share employee data with third parties not involved in the operation of your business or their employment. Needless to say this means not using employee information for marketing purposes or selling their data to another organisation.

When you do need to use third parties and they ask for information about your employees - like Findmyshift does - be sure to check that their privacy policy is respectful of this too. If you can't find a privacy policy on a company's website, then ask them for one before you enter into any agreement with them.

For more information about how we handle your data, take a look at our privacy policy.