This article discusses how to download and anonymise employee data and the reasoning behind why this functionality would be used. Although this article primarily focusses on GDPR obligations, employers may have their own reasons for wanting to use any of these features.
Introduction to GDPR
GDPR, short for General Data Protection Regulation, is a regulation on data protection and privacy for all individual citizens of the European Union (EU). This legislation came into effect on 25 May 2018.
Although an EU regulation, GDPR is not restricted to only businesses located in the EU. Rather it applies to any business, regardless of the country it's located in, that processes personal data relating to an individual in the European Union. So basically, if you operate a business that employs staff who are identified as EU individuals (known herein as "GDPR employee"), then GDPR will apply to you.
Downloading employee data
At any time during the employee's employment or thereafter, the employee has the right to request a copy of all data pertaining to the employee and held by the employer. To facilitate this request, the employer can download employee data for both active and terminated employees.
To do this, access the employee's file and click on the "Terminate" or "Re-Activate Employee" dropdown button (depending on the employee's employment status) to access the 'download employee data' option. The following employee data will be downloaded (where applicable) in a zip file:
- An excel spreadsheet containing personal employee details such as name, date of birth, start date, address, contact numbers, emergency contact details, tax code declaration data, bank accounts, pay run defaults, pay run inclusions, qualifications, timesheets, leave requests, expense requests and rostered shifts;
- Documents, separated in sub-folders, attached to the following:
- Leave requests;
- Timesheets; and
- Expense requests.
- Other employee documents (but not business documents);
- Photos captured using Clock Me In or WorkZone when clocking in/out;
- Employee profile picture; and/or
- Pay slips.
You can utilise the download data functionality at any time during the employee's employment cycle and it can be used more than once.
Anonymising employee data
The introduction of GDPR brings about an entitlement for EU individuals to request their personal data be erased. This entitlement is also known as "the right to be forgotten". Additionally, an important note to make is that NZ employers are required to retain all employment related records for up to 7 years. As such, after the 7 year period has elapsed and only once that period has elapsed, a GDPR employee has the “right to be forgotten”.
As deleting employee information will impact pay run information and reporting, we do not completely erase employee data. Rather, what anonymising employee data will result in is:
- Anonymising any personally identifiable information to make it impossible to identify the employee; and
- Deleting non-core payroll data that, once anonymised, cannot be retrieved thereafter.
The anonymising employee functionality is only available for terminated employees. To commence this process, access the GDPR employee file and click on the "Re-Activate Employee" dropdown button. You will be directed to the following warning modal dialog:
In order to proceed with anonymise the employee data, you must enter "continue" in the text box and then click on "Anonymise". Please note: once this action is undertaken, it cannot be reversed and employee data cannot be restored. As such, we strongly recommend exercising extreme caution and only performing this action in legitimate circumstances.
Upon clicking the “Anonymise” button, the following actions will occur:
- Employee name will be encrypted using one way encryption. An example of what the employee's name will now be displayed as is as follows:
- Employee title, preferred name middle name, previous surname, date of birth, residential address, postal address, email, phone numbers and external ID will be deleted.
- Emergency contact details will be deleted.
- Employee's IRD number will change to 111111111.
- Job title will be deleted.
- Bank account numbers will be displayed as 1s. Bank account name will be one way encrypted.
- Qualifications and their associated documents will be deleted.
- Employee documents unique to that employee (ie not business documents) will be deleted.
- Any photos captured from clocking activities (through WorkZone and/or Clock Me In) as well as the employee's profile image will be deleted.
- Timesheet notes (generated from Clock Me In) will be deleted.
- Employee portal access for the employee will be revoked.
- All audit events pertaining to the employee will be deleted. This relates to audit events generated using the Employee Details Audit Report. The report will, however, display events for deleted documents and revoking employee portal access and the user listed in the "change made by" column will be the user who anonymised the employee data.
If you have any questions or feedback please let us know via firstname.lastname@example.org.