The nation is underway to get a Personal Data Protection Act implemented, which will considerably impact the way enterprises collect their data about not just their customers but also their employees. It goes without saying that HR & Payroll departments in any organization retain the maximum personal data of their employees. Until last year, companies who recorded and maintained personal information of their employees for official purposes had their own procedures and systems to ensure their complete protection from unauthorized access, fraud or misuse. In Dec 2019, the Government of India tabled a draft law in Parliament in an effort to formally legalize the protection of personal data of its citizens.
A draft of the law reads as follows:
“To provide for protection of the privacy of individuals relating to their personal data, specify the flow and usage of personal data, create a relationship of trust between persons and entities processing the personal data, protect the fundamental rights of individuals whose personal data are processed, to create a framework for organizational and technical measures in processing of data, laying down norms for social media intermediary, cross-border transfer, accountability of entities processing personal data, remedies for unauthorized and harmful processing and to establish a Data Protection Authority of India for the said purposes and for matters connected therewith or incidental thereto….”
How to ensure compliance?
Needless to mention, utmost care should be taken to ensure data security at all times.
Things that can be done to keep the data safe —
- Data should be stored in password-protected drives or folders, preferably in an encrypted mode.
- Maintaining a list of authorized input providers as well as a list of authorized output receivers will ensure the right data is accessible only to appropriate people for explicit reasons. Example: Members from HR or Legal teams can be provided certain personal data for specific purposes only. Data would mean soft copies of personal data stored in servers (including back-up servers), apps, drives, disks, pen drives, cloud, etc as well as hard copies of documents, records, agreements, contracts, KYC documents, etc.
- Encrypt the emails where only an authorized recipient can open it by establishing trusted source lines (TSL) by using their email ids as the primary identifier. Example: Companies who have outsourced their payroll or statutory processes may need to share sensitive data either via email or hard copies or upload data on servers outside of their secure areas.
- Choosing vendor establishments who have security procedures or to safeguard the data of their clients.
- The company should focus on policy that talks about the way employee data would be collected, stored, analyzed and destroyed.
- The allegiance calls for transparent communication platforms and protocols regarding employee data collection as well as protection.
How greytHR PIVault helps you to protect your data?
Presumably, HR & Payroll personnel would now be directly responsible to ensure compliance of this PDP Bill once it comes into force. Payroll software companies like Greytip Software Pvt Ltd have already implemented secure data protection features in their products much ahead of these laws.
‘greytHR PIVault’ is an advanced security solution that prevents data from unauthorized access. It stores all Sensitive Personal Identifying Information (SPII) data in a dedicated storage facility and uses a multi-layered encryption system to protect it. Here are some of the features of greytHR PIVault:
- Centralized service that encrypts, decrypts, and manages SPII data.
- Unique storage facility for storing your employees’ Aadhar data (Aadhaar vault)
- Centralized storage of all your SPII data.
- UUID reference tokens instead of SPII data to prevent dispersion.
- Masked data for convenient handling of application and MIS reporting.
- Advanced encryption using AWS KMS.
- Bulk data processing facility for easy imports and report generation.
Want to learn more about how we can help you? Contact Us Now!(https://www.greythr.com)