
    GDPR Compliance: How BambooHR Protects Privacy

    BambooHR is pleased to announce that its systems and processes are compliant with the new General Data Protection Regulation (GDPR). (GDPR is the new standard in the European Union (EU) governing the privacy and data protection of EU residents. This new standard goes into effect on May 25, 2018.) This means that BambooHR stands ready to support and assist its clients who have employees residing in the EU as they also meet their own obligations under the GDPR.

    To comply with GDPR, companies that have EU-based employees need to meet the following important requirements:

    • Obtain consent to collect and process personal information
    • Protect personal data
    • Control access to personal data
    • Provide the option to erase personal data
    • Inform customers of data breaches

    How BambooHR Handles GDPR for HR Professionals

    BambooHR is staying ahead of the GDPR changes, both in its role as a data processor and in support of data controllers. BambooHR’s efforts include:

    • Providing a great software platform that allows client companies to comply with the GDPR requirements while still having a great experience.
    • Deploying industry-standard technical processes and procedures that protect data, both when it is in transmission and while we are hosting it. BambooHR demonstrates our compliance with these critical requirements through our annual SOC II audit by an independent auditing firm.
    • Providing a hosting center and data collection network within the EU. We selected world-class service providers for these critical processes: Rackspace and Amazon Web Services. Their stringent standards for data protection and security made them our choice for all of our customer data, including customers in the United States and the EU.
    • Working with EU and U.S. legal counsel to develop a Data Processing Agreement (DPA) that complies fully with the GDPR. This DPA, which will be the contract with all clients who are data controllers under the GDPR, also incorporates the European Model Clauses, also known as the Standard Contractual Clauses. (The Model Clauses were approved by the European Commission and are the industry standard for when personal data is transferred outside of the European Economic Area.)
    • Being certified under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. This certification also ensures that we comply with data protection requirements when transferring personal data from the EU and Switzerland to the United States.
    • Ensuring that we recognize that our clients own their data and that we process that data only in accordance with their instructions. This acknowledgement is set out in our Terms of Service and Privacy Policy, found at https://www.bamboohr.com/terms.php and https://www.bamboohr.com/privacy.php, respectively. Our Privacy Policy is incorporated into our Terms of Service, and our Terms of Service is our contract with every client.
    • Following the GDPR definition of acceptable timelines when processing client data requests, whether it’s gathering consent, providing access, or erasing data. We will also provide prompt notification in the event of a data breach.
    • Staying abreast of continuing GDPR developments and guidance, to support our clients’ compliance efforts.

    What You Can Do to Protect Your GDPR HR Data

    While it’s always a great time to think about improving data security, the GDPR deadline provides a good target for reviewing your organization’s privacy and security policies and evaluating how you put them into practice. While BambooHR has yet to have a data breach from hacking, there have been instances where individual customers have been careless with their login credentials or access permissions.

    The best protection of personal information comes from a combination of continuously updated technology, thorough training for HR employees who handle and have access to personal data, and seamless communication about new requirements. BambooHR addresses each of these concerns with our features and support, and we will continue to support our clients as regulations evolve.

    For more information on the upcoming GDPR changes, visit the official EU homepage.
