In response to GDPR, what are the required measures that need to be taken when an employment contract is terminated?
Is disabling the user and terminating the worker enough?
I tested deleting the user and the worker connected to the user in UAT, the system allows me to do it, is this the correct measure?
However in the transaction, the username is still there and it is including the name, can this be updated/hidden? what do you think ?
Thanks for your reply.
Can you describe the process of obfuscating the name?
If you have a transaction in the system with the username = firstname.lastname this means that all transactions need to be updated, right?
Hi Andre,
I am wondering if transactional data like PR which may have name of employee, will is consider as personal data at all? As you correctly said we can not delete/modify historical data. Curious to lean what can be done in this case.
Hi Ali,
I'm not an expert in GDPR, but as long as you are able to provide information what personal data is stored and ensure only relevant people will have access to it, disabling the user and terminating the employment in HRM is sufficient.
A person in the EU does have the right to be forgotten. He can then request your company to delete all personal data. This is often done by obfuscating name, address and contact details as historical records would prevent you deleting the worker record.
André Arnaud de Cal...
291,979
Super User 2025 Season 1
Martin Dráb
230,848
Most Valuable Professional
nmaenpaa
101,156