Adjustments for the EU-GDPR
With version 3.2 of TimePunch, various adjustments have been made to implement the new European General Data Protection Regulation (GDPR), which has been in force since 25 May 2018.
GDPR information sheet
A new report has been implemented in TimePunch to comply with employees' right to information about their stored data.
The report shows all data stored for an employee on two pages. For each data block, it also shows which employees have read or write access to that employee's data.
This report can only be executed by the administrator or the data protection officer.
GDPR data deletion process
TimePunch offers the possibility to delete historical employee data. According to current case law, working time data must be kept for 6 or 10 years.
The menu item "Extras / DSGVO – Data deletion process" opens a dialog that lists all employees whose employee data has been stored for longer than the set number of years.
Hint: If you deselect the "Display active employee profiles" checkbox, employees who have already been dismissed and are no longer with the company are also displayed. The data of these employees can also be deleted.
The deletion can be started by clicking on the "Execute data deletion" button.
When you click on the "Execute data deletion" button, the employees are sorted by name and listed in a separate dialog, and you are explicitly asked again to confirm the data deletion.
Once the displayed profiles have been checked for correctness, the "Delete" button must be selected.
This is followed by a further prompt regarding data backups.
Hint: Since data deletion can no longer be undone, it is strongly recommended that you make a database backup before deleting the data.
Only after the dialog has been confirmed with "Ok" is the data deletion carried out and confirmed to the user.
Role of the Data Privacy Officer
TimePunch introduces the new role of Data Privacy Officer.
According to the new GDPR, the data privacy officer or the coordinator has the "right to inspect all relevant documents". The data privacy officer has read access to all data within TimePunch. In TimePunch, this user is treated in the same way as the administrator, but without the right to change the data viewed.
The data protection officer can thus monitor compliance with the deletion deadlines, carry out data deletion and call up the corresponding "DSGVO information form" report for all employees.
Hint: A data privacy officer also has access to the financial data, such as employee compensation, and relevant accounting data.