ClockRite Software and the GDPR
ClockRite Software Compliance Guide
As the ClockRite Software is used to store personal employee data it must be factored into your GDPR compliance policies and procedures. We believe that data held by the ClockRite Software is likely to be low-risk, and won't exceed information you would ordinarily collect and hold in the course of employing an individual.
All data is entered into the ClockRite Software by you, and remains your sole responsibility.
In this article
- What kind of data is stored in the ClockRite Software?
- Who has access to data stored in the ClockRite Software
- Tips and best practice
Not what you're looking for? Head back to the ClockRite System Information Centre, or back to the Portal
What kind of data is stored in the ClockRite Software?
All data is entered into the ClockRite Software by you, and should be factored into a data audit of personal employee information as part of your GDPR compliance. During normal operation the ClockRite Software may hold some, but not necessarily all, of the following information about an individual:
- First and last name
- Group/Department within your organisation
- Shift and overtime information
- Basic rate of pay
- Contracted hours
- Holiday entitlement
- Payroll number
- Start/Finish date
- Sage information
- Actual and amended hours worked
- Total pay
- Holidays, sickness, and lateness
Who has access to the data stored in the ClockRite Software?
It is up to you to determine who within your organisation will have access to the ClockRite Software. The software can be password protected, and can also be configured with tiered user profiles in order to restrict certain users from accessing unnecessary information. Back-end databases containing employee information are also password protected. The ClockRite Software is local to your organisation, and we do not have access to it or the information therein under normal circumstances.
On occasion it may be necessary for us to temporarily access the ClockRite Software and/or database as part of supporting your ClockRite System. We will only do this if no other viable alternative is available, and will clearly outline the data we intend to process and why. We will ensure that it is stored securely while in our possession, and that it is deleted immediately on conclusion of the support issue.
Tips and best practice for GDPR compliance
- From a data security standpoint, it's always a good idea to ensure access to the ClockRite Software is restricted to those who actually need it. Make sure individual users have their own password, and limit access to the areas of the software directly related to their duties.
- Ensure data entered into the ClockRite Software is kept current and accurate.
- It is advisable to perform regular archives of the data within the ClockRite Software to ensure historical attendance records are securely stored.
- Any data downloaded from the Clocking Terminal via USB drive should be deleted once it has been uploaded into the ClockRite Software.
- Have a set procedure in place for employees leaving your organisation. Think about how you might retain record of their employment and how this relates to the ClockRite Software. It's best not to duplicate information where possible.
- In line with the practice of data minimisation, ensure only relevant information is entered into the ClockRite System. If you're not planning to use the system to calculate pay, for example, it would be wise to omit pay rate from individual's employee records.
***This guide is for informational purposes only, and should not be relied upon as legal advice. It's important to conduct your own assessment of the employee data you intend to hold within the ClockRite System, how this pertains to the rights of individual employees, and your lawful basis for holding this information under the GDPR legislation. Compliance with the GDPR should be borne in mind at all stages of implementing a Time & Attendance System***