Our range of HR, recruitment, onboarding and payroll solutions make it easier for you to comply with the GDPR regulations across every stage of the employee lifecycle. Plus, our off-the-shelf GDPR eLearning content will help you create an ‘information security-aware’ culture, ensuring your people understand their role in securing your organisation’s data.
Ciphr holds the ISO 27001:2013 certification, an internationally recognised best practice framework for an information security management system, as well as the Cyber Essentials Plus certificate of assurance, a government backed scheme that is independently audited – among many other accreditations.
Ensuring ongoing compliance with regulations such as the GDPR can be tricky for small and medium-sized organisations – particularly those that are growing fast, and are dealing with rising volumes of employees information from myriad sources, including job and pay records, health and wellbeing information, background and right to work checks, and even biometric time and attendance data.
Specialist GDPR compliant HR software such as Ciphr’s makes it easier to achieve and maintain ongoing compliance with the GDPR. Its in-built tools include:
"Ciphr really is first to market with a lot of its developments; I was a big fan of the GDPR data deletion and monitoring function, for example."
The pre-boarding phase – the period between a candidate accepting a new role with your organisation and their first day – is often a risk and a missed opportunity when it comes to adhering to, and reinforcing, good data security practices. With Ciphr’s employee onboarding software, you can:
With most job applications taking place online, and the sheer volume of total applications per role, your organisation must make sure you’re processing applicant data securely and compliantly.
Make your processes GDPR compliant by securely capturing and storing applicants’ personal data using our recruitment software, Ciphr iRecruit. Features include:
However you wish to run your payroll, Ciphr has a solution that enables you to securely transmit data between your HR system and chosen payroll software.
Our options include:
Ciphr’s ISO 9001 and ISO 27001 certifications give you added peace of mind that your payroll data is secure and our software is GDPR compliant. All payroll documents – such as P60s, P11Ds, and online payslips – can be published to our secure, cloud-based payroll software portal for self-service employee and manager access.
"Before we introduced Ciphr, every year we sent each employee a copy of their personal data and asked them to check and confirm it. Now they can update information in Ciphr whenever something changes, which is really important for GDPR compliance."
- Cotswold Archeology
Whether you need to securely store learners’ digital records, or engage learners with GDPR-related training content, Ciphr’s range of learning solutions are here to help:
When it’s time for an employee to leave your organisation, several teams will be involved with the offboarding process – from exit interviews to revoking access to company systems and technology. Streamline and standardise this process with Ciphr’s GDPR compliant HR software, which enables you to:
An organisation’s compliance with the GDPR is a shared responsibility among all departments. Each team (and individual) must ensure that personal data is handled in the correct way; for example, anyone can accidentally send a set of personal data to the wrong email recipient – and this would be considered to be a GDPR breach. HR professionals must ensure that employees’ personal data is collected, stored and processed in line with the GDPR’s requirements at every stage of the employee lifecycle, from hiring and onboarding through to exit and offboarding. But departments, including HR teams, also have wider responsibilities to ensure they are processing customer and employee data in a way that complies with the GDPR’s requirements. HR teams often support IT and information security teams by helping to create a data security-aware culture; this could be, for example, by ensuring that staff complete an annual information security eLearning training course.
No single software solution will guarantee that your organisation will comply with the GDPR. When it comes to GDPR compliant HR software, look for HR systems – such as Ciphr’s – that feature an array of tools and features to help your organisation collect, store and manage employees’ personal data in line with your data security policies and procedures (which should be in line with the GDPR’s requirements). Hallmarks of GDPR compliant HR software, such as Ciphr’s, may include:
To ensure your HR software is GDPR compliant, it must demonstrate adherence to the GDPR’s key principles and requirements: namely, that data protection is part of the intrinsic design of the software and your processes (how you use the software). There are many requirements for GDPR compliant HR software – we recommend speaking to a specialist to determine the compliance status of your HR software.
Any software your organisation uses to request/collect, access, store or manage personal data by any individual residing in the EU, or to any partner, supplier or third party inside the EU, must be GDPR compliant. Your HR software, recruitment software, learning management system, and payroll software, are no exceptions.
We would strongly recommend that you seek your own legal advice if you are unsure about the implications of data protection laws on your business. The information contained on this website is for general guidance purposes only. It should not be taken for, nor is it intended as, legal advice. While we have made every effort to ensure that the information provided on this document is correct and up to date, Ciphr makes no promises as to completeness or accuracy and the information is delivered on an “as is” basis without any warranties, express or implied. Ciphr will not accept any liability for errors or omissions and will not be liable for any damage (including, without limitation, damage for loss of business or loss of profits) arising in contract, tort or otherwise from the use of or reliance on this information, or from any action or decisions taken as a result of using this information.