The internet is an inescapable part of all of our lives. From working, shopping, and connecting with friends, through to major life events, we leave a digital footprint with every interaction.

However, with all the benefits it brings, the privacy and data security issues that come with it have been two of the biggest and most persistent topics of 2018. High profile breaches and misuses of personal data regularly lead news reports. Each case further damages the trust between people and those who collect and hold their data.

To give people greater protection and control over their data and digital footprint, the European Union introduced the General Data Protection Regulation (GDPR), which came into force on 25th May 2018.

The benefits to the individual are clear. However the GDPR has been a big concern for businesses, not least because non-compliance can result in eye-wateringly high potential penalties of up to €10m. Aside from the financial and reputational damage, no employer wants its people to think their data is not being treated with care.

Given the great importance and sensitivity of the data it holds, Darwin has always been extremely strong on data security and privacy, and to bring the software in-line with GDPR, we made changes in three main areas:

Privacy Policy

Our privacy policy is displayed on Darwin to ensure your employees understand how we process and store their data and how they can change / delete their data. Employees can easily access our privacy policy at all times from the footer of Darwin and also at the login page.

Data minimisation

This is a major principle of GDPR, which means that we should only hold information that is needed for processing benefits. As such, we have removed standard fields from Darwin including ethnic origin.

Special category data

Darwin must capture explicit employee consent if an employee enters data that falls under Article 9 of GDPR (Special Category Data) into the system. For example if an employee is providing health information into Darwin about themselves or a dependent, they must tick a box to consent to providing this information. The captured consent easy to audit and report on through the audit notes feature in Darwin’s Control Centre.

As we move forwards in the new GDPR world, HR teams need to feel confident that their processes and the providers they work with treat their employees’ data with the care it deserves. As such, it’s important to build on the changes the regulation has introduced to set a new standard for data security and privacy in your business.