• Partners
  • Investors
  • Press
Idlegcy-logoIdlegcy-logoIdlegcy-logoIdlegcy-logo
  • Home
  • Vision
  • Offering
  • Ecosystem
  • News
  • Contact
  • Home
  • Vision
  • Offering
  • Ecosystem
  • News
  • Contact

Does HR really need the personal data they are saving?

“Before I started the first GDPR exercise, I asked my team whether we really needed the data we were collecting and storing”, says Remko Westerbeek, who used to be the global HR Manager of a multinational climate control company, and is now coaching business leaders on people aspects. “One of the classic items HR was saving was a copy of our collaborator’s ID. It is so evident to take a copy of the ID card of a new staff member, and save it in the company files, that no one still reflects on the why.”

Do we really need to save a copy of the ID card?

Westerbeek and his team did reflect on the why, and discovered no real need for keeping such a copy. “Of course, we kept asking to see the ID card. You do want to know whether the person in front of you really is who he or she claims to be. Only when you are sure about that person’s identity, you will give the person a badge, and all the access rights to the IT systems. Security first. But, later on, no one ever checks for the ID card again. So why go through all the trouble, and save a copy?”

Westerbeek saw the challenge of those ID card copies. “The issue is that you have to save them in a safe environment. Maybe scan them. And then take care of sufficient digital security. The copy of their ID card is a sensitive document for collaborators. When such a copy would be stolen or hacked, the employer image of your company could be hurt. So I preferred not to store it and that saved me a lot of time, worry, and budget.”

Will we remember the HR promises three years after one person leaves?

There is also the very slow workflow, which is a challenge. When putting a small line in the privacy statement saying “we will delete the data three years after you leave the company”, most HR people do not realize that they are creating obligations for the long term that are not easy to follow-up, mainly because they are in itself too small to remember.

“But, three years after a person leaves the company, HR has to follow-up on the deletion of that information. The question is, will they still remember this obligation in three years? And other questions will also arise then: where is the copy of the ID card? What’s the procedure? What files and systems should we be looking into?”

Although Westerbeek could have used the Idlegcy I.CNTRL.IT business solution for this slow workflow, he preferred not to have to bother about it at all. “And so, we avoided to save the copy of the ID card, and decided to only inspect it during the recruitment process.”

Do you want to receive our updates?

Sign up here
Do you want to receive our updates?
Share this:

Related tips

How to find out what personal data companies store on you

Idlegcy defined four shades of privacy. Most people talk about documented privacy, when they talk about the GDPR initiatives of their organization. That is only the basic shade. There are three more shades.

Read more
Published by helen.kuremaa@impactbuilders.eu
23 February 2020
Four shades of privacy – safe and win-win privacy are for business winners

Four shades of privacy – safe and win-win privacy are for business winners

Idlegcy defined four shades of privacy. Most people talk about documented privacy, when they talk about the GDPR initiatives of their organization. That is only the basic shade. There are three more shades.

Read more
Published by hein.bruggeman@idlegcy.com
8 September 2019

GDPR should be about much more than penalties

The first penalties should not drive the attention away from the essence: GDPR is about a basic human right that individuals’ data should be treated with respect.

Read more
Published by hein.bruggeman@idlegcy.com
2 July 2019

IDLEGCY NV

Ninovesteenweg 198 / 29
BE-9300 Aalst
Company ID: BE-0686.716.547
logo idlegcy
© 2023 - Idlegcy NV, Kastanjelaan 81, BE-9620 Zottegem, company ID: BE-0686.716.547. Privacy statement. Cookie statement.
    We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it. Cookie policyOK
    Privacy & Cookies Policy

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT