HR DataHub collects company and employee data that has been pseudonymised. While it is not identifiable data, it is still sensitive data. All the data we capture is analysed and then aggregated to power all the HR insights available on our platform. We practise confidentiality by design: an organisation’s individual data set is never identifiable by anyone, in any way, other than its own employees. We have a ‘Rule of 5’ enforced by default across the platform: no metric can be charted unless it is pulling from an aggregate dataset of at least 5 organisations.
We don’t sell or share unaggregated datasets with anyone. Not now, not ever. This is reflected in our Ts&Cs to ensure customers can share their data with confidence.
HR DataHub is registered with the ICO (registration number ZA750047). We do not currently hold ISO 27001 but are working towards it. A first step in that direction is to become Cyber Essentials certified, which we should reach very shortly.
HR DataHub has a number of measures in place relating to data protection and information security. These measures align to the ICO’s Accountability Framework and are designed to manage compliance around the following foundations:
A Data Risk Committee has been set up, which meets every 6 weeks and is chaired by Trust Keith. The committee includes senior owners within HR DataHub, and data protection related matters are discussed at a strategic level. These meetings are minuted and all actions resulting from the meetings are documented.
Our software and data are hosted in Microsoft Azure (Europe). Our data is only accessed from the UK, not transferred anywhere else outside the EEA, and access to it is secured by internal controls. We have policies and procedures to ensure everything is kept safe at all times.
HR DataHub has a system in place to recognise, report and investigate incidents and breaches. All employees are informed of our policies.
HR DataHub uses third-party security tools to continuously scan for vulnerabilities. We engage third-party security experts to perform detailed penetration tests on the HR DataHub application and infrastructure on a yearly basis.
If you have additional questions regarding our security or privacy policies, we are happy to answer them. Please write to firstname.lastname@example.org and we will respond as quickly as we can.