Having a streamlined process in place for the things you must do when an employee applies, joins or leaves is important, especially when it comes to the General Data Protection Regulation (GDPR), data breaches and cyber security.
How long should I keep a CV?
- When it comes to CVs, interview notes or cover letters, how long should you keep these for? Ideally, 6 months is a realistic amount of time. If a discrimination claim were to be brought, this would realistically occur during the first 6 months, and this is seen as a credible amount of time to hold these details for recruitment. Let’s be honest, it’s not likely you’ll need that CV ever again.
- If you want to keep CVs for longer than 6 months, you should only do this if you legitimately see that employment could be a possibility within a 12-month period, but it is recommended to ask applicants for their permission to hold this information. We would recommend that you ask this question as a checkbox at the application stage.
- It’s a smart move to get your new employees to sign a section of their contract to enable you to use their photographs before and after they leave for marketing comms. If this isn’t done and an employee leaves and requests that you delete all photos of them, you’ll be out of pocket if their photos are plastered all over every piece of printed marketing collateral.
- Only give permissions to key members to export data. Ensure that only the key members of your business have access to it. Not everyone needs to edit, copy or export, so why give them the power when it could result in mistakenly deleting, editing or sharing data?
- Encrypt your data so that, when you need to send it on, other people cannot copy and paste it or send it to people outside of your organisation.
Please see the example below of how to enable restrictions on an Excel spreadsheet. This could include making the document read-only and un-editable.
- Only send marketing comms to those people you have permission to communicate with.
- Restrict access to memory sticks for both GDPR and cyber security reasons.
- Create a security-first culture within your team!
There are the generic things, such as adding their leaving date to their payroll record, sending over their P45 and conducting a leaving interview, but you must also think about the following:
- Change passwords for all accounts.
- Revoke access to all systems, including social media accounts.
- They have the right to ask you to delete everything you hold about them, for example photographs, so be sure you know how to find all of this.
To conclude, people make mistakes – it’s human nature. Best practice would be to:
- Keep CVs for 6 months and then delete them. You could set up a calendar notification to remind yourself to do this.
- Only allow access to edit, copy or export data to those who need it.
- Lastly, be sure to revoke access to all systems and social media platforms. Create a checklist of all the systems and accounts you use so you are able to go through the list and action each, ensuring you don’t forget any.