In 2018, the UK decided to retain the GDPR (General Data Protection Regulation) and maintain it in parallel with their newly revised DPA 2018 (Data Protection Act). Any companies operating in the UK must follow the guidelines set out in these regulations.
Under the UK GDPR and DPA 2018, your HR team is most likely serving as a “data controller”, meaning you have several obligations to meet in terms of looking after sensitive employee data. One of these obligations is to ensure that any data processors you use – such as an HR software company like SenseHR – provide adequate guarantees to implement appropriate technical and organisational measures.
This page is designed to show you how SenseHR, as a data processor, helps you to protect your sensitive employee data, in line with UK GDPR and DPA 2018.
SenseHR was built by experts who have been building and servicing HR systems since 2005. We remember GDPR being announced in April 2016. And we vividly remember managing the transition from DPA 1998 to the new DPA 2018 – which became active on 23rd May 2018, two days before GDPR became the law. But while we have experience ensuring HR systems are run in full compliance with these laws, we don’t rely solely on our memories – we actively employ and work with security and data privacy professionals to ensure our systems remain up to date and in compliance with the latest data privacy laws and regulations in the UK.
Our terms and conditions all reflect requirements set out by DPA 2018 and the UK GDPR, and can be found on our terms and conditions page here.
Our cloud-based HR system, SenseHR, has all of the necessary functionality for compliance with the UK GDPR and DPA 2018. This includes giving our customers reassurance that when they need to delete sensitive data, it is deleted in a way that complies with acceptable use as set out under these guidelines. Administrators can delete employee data via SenseHR at any time during their agreement with us, and we have built data export facilities into our services, so that customers can always respond to information requests in a timely manner, or switch to an alternative provider without losing any data. Further to this, we take data security very seriously – SenseHR is hosted securely via Microsoft Azure, with no data being stored outside of the UK, thus meeting the requirements of the UK GDPR and DPA 2018. For more information about how we ensure data security at SenseHR, you can read our security page here.
As a data processor, we recognise the need to meet our obligations under the GDPR and DPA 2018, for example by processing data only in accordance with customers’ instructions, as described in our data processing agreements. We also commit to timely breach reporting in the unlikely event of a data breach incident. As a responsible HR software provider with a strong company culture focused on data security, we are also committed to operating via processes that meet the standards set out by ISO27001. SenseHR also adheres to the requirements of the GDPR and DPA 2018 with regard to the use of sub-processors.
All of SenseHR’s employees must sign a confidentiality agreement, and complete mandatory confidentiality, privacy and data security training. Our code of conduct also outlines expected behaviour with respect to the protection of information.