What does GDPR mean to People Analytics? #2020

Konstantinos Anastasiadis @ SCALEUP | August 21, 2020

Is it interesting to claim that legislation has been in a constant struggle on keeping up with the speed that big data and technology has advanced. In Europe, the General Data Protection Regulation (GDPR), which came into force in May 2018, was designed to address this and acknowledged the changing landscape in the introductory text to the Regulation.

“...rapid technological developments and globalisation have brought new challenges for the protection of personal data. The scale of collection and sharing of personal data has increased significantly. Technology allows both private companies and public authorities to make use of personal data on an unprecedented scale in order to pursue their activities…. Those developments require a strong and more coherent data protection framework in the EU.”
- Source: EU, GDPR 2018

#1. People Analytics in Examples

Let us examine the key areas that people analytics step in to solve but are set against GDPR principles, we simply suggest some actions ideally to be considered by employers.

A.I to CV & Interview Assessment

For this instance, the so-called facial recognition algorithms are being used to scan the expressions of candidates during the vid interviews for determining candidate personality traits, emotions and even assessing whether the candidate is honest in their answers.

Employee Monitoring Apps & Bracelets

Such softwares that feed performance data and timelines directly to the softwares, which can then make decisions about the workforce objective rather than those decisions made subjectively by a manager who may be prone to biases or prejudices. It is clear that Big Data and A.I can provide valuable insights into their workforce but there are specific boundaries that employers ought to always take into consideration.

#2. GDPR & People Analytics: The Conflict Solved

In a wide series of cases, Big Data & A.I come into direct conflict with the sole principles of GDPR:

  • Decision Making Automation: Employers are required to implement necessary measures to guard the candidates rights, that is at least provide the right to obtain human intervention to express his or her point of view and to contest the automated decision.
  • A.I & Discrimination: In theory, A.I can be programmed to be free from bias, prejudice, and discrimination. However, AI technologies are only as reliable as the data that they are fed, and flawed datasets produce flawed AI decision-making technologies. Simple removing gender will not be enough cause even in that case those data close to gender will step in.
  • Data Protection Impact Assessments: DPIAs are a recommended practice to apply for new AI HRIS that uses big data, even where they are not mandatory leveraging them can be used as a roadmap for ensuring that your Organization’s internal procedures are GDPR proof.

#3. GDPR-Proof People Analytics: Made Simple

GDPR-Proof Pillar Key Activities
Maintain the Human touch Avoid leaving a complete decision making to the A.I. Especially for those decisions which may have adverse effects on employees or candidates.
Automate & Ensure Fairness Understand the A.I’s decision making process & use off the self shelf technologies which are sufficiently transparent about how they operate.
Communicate the A.I existence Update your Organization’s privacy notices to clearly explain the use of data driven technologies. Moreover, your HR workforce or your Data Privacy lead should be trained to answer any questions from concerned candidates/employees about the use of their data.
Consent on Employee Data HR must get employee’s expressed permission in order to collect & process their personal data. The case that consent was accompanied by part of employment is no longer applied.
Anonymise the Data Remove any indicators that link an individual to that piece of information.

Source: Forbes 2020

#4. Reflections & Thoughts

In an effort to leverage the maximum out of People Analytics and the insight they can truly offer , HR teams must strike this required balance between employee privacy and business needs, while always being transparent about data activities.
Interested in more insights and best practices in GDPR & People Analytics? Have a quick look on Bernard Marr’s, People Analyst & Employee Rights Advocate, book “Data Driven HR"

Additional Resources: AIHR Academy, CIPD Factsheet, SHRM: Key GDPR Insights