What is DPDP Act?

The DPDP Act of 2023, also known as the Digital Personal Data Protection Act, represents a pivotal milestone in India's legislative landscape. Passed by the Lok Sabha on August 9, 2023, and subsequently by the Rajya Sabha on August 11, 2023, this act stands as India's most comprehensive legal framework concerning protecting individuals' digital personal data. It addresses the pressing need for a structured approach to ensure individuals have visibility and control over their online personal information. Drawing inspiration from the European General Data Protection Regulation (GDPR) while incorporating unique features, the DPDP Act heralds a new era of digital privacy and data rights in the country.

What Data do we collect?

uKnowva is a web-based HRMS software that automates Employee Lifecycle Management and we collect and process data at various stages/events like while onboarding a user/candidate, deboarding a user, processing salaries, etc. For all of this data collected, the customer is the controller and we are just a processor of the data.

How are we ensuring DPDP compliance?

While its primary focus is safeguarding individuals' digital personal data, its implications will extend to various sectors, including Human Resources (HR). Here are key points on how we ensure compliance to this Act

Ask for consent at every touchpoint related to data collection

HRs need to ask for consent while collecting employee or candidate data. This is one of the mandates of this new DPDP Act 2023. The consent will give the candidate and employee the ownership of their sensitive data to be used for a specific purpose. 

uKnowva HRMS provides a checkbox for consent submission remark whenever someone is filling out a form with PII (Personally identifiable information) data on the system, be it a employee, or candidate. 

Make exit management more reliable for references

HRs have to ask for the consent of their leaving or departing employees to store the data of the ex-employee at the backend. If the employee refuses, they will have to delete the data and maintain the privacy of their personal data. If and only if the employee gives consent, can the HR use the data for reference points and further analyse the company culture and the employee turnover rate. 

uKnowva HRMS allows you to create custom exit forms that can help you in obtaining this consent. uKnowva HRMS also automatically disables employees on the last working day. The system can be set up to auto delete the personal details of the employees  for whom consent is not received and store only the employment details of exited employees.

Data minimization and purpose limitation

Each data the HR teams collect must have a purpose and be used only for that purpose. DPDP Act 2023 strictly focuses on the purpose for which the data is amassed or collected. To use the given or existing data for other purposes, which are not mentioned earlier in the consent, HRs will have to seek the consent of the concerned person again. 

There has to be a time-bound limitation on the data to be used. For instance, the employee data must only be used for audits and analytical purposes as long as that person is an employee of the firm.

uKnowva can automate the maintenance of such time bound limitation on data based on consent received, validation and auto deletion of personal data post exit

Update the employment policy according to the DPDP Act terms and conditions

Recruiters and HR policymakers must mention clear terms and conditions for using the collected employee data. Employees must give digital consent along with the acknowledgement on that employee policy document to avoid any confusion later on. 

uKnowva HRMS allows you to upload and set up your policies and get acknowledgment of the same maintaining logs of timestamp and IP address to ensure audit compliance. You need to enable the Policy acknowledgement plugin for the same. Read more on https://uknowva.com/extensions/policy-acknowledgement/131 

Candidates to have the rights to update or remove their data

Recruiters create a talent pool and often reach out to previous candidates whenever a new job opens. They draw several analyses of the efficiency of the job portal or job search engine by collecting various CVs against a job posted online. However, recruiters must be more cautious and concerned about this candidate data now.

uKnowva HRMS allows candidates to request data deletion by raising a request from a web form. Each instance has such web form available on link <<instance-url>>/cst/open.php. Example: https://thedemo.uknowva.com/cst/open.php

Enhanced data security

Data security is paramount under the DPDP Act, requiring data fiduciaries (including HR departments) to maintain robust security measures. HR functions will need to invest in stringent cybersecurity measures to protect sensitive employee and candidate information from potential data breaches, as per the Act's provisions.

uKnowva HRMS apart from being compliant with DPDP, also ensures security and data privacy is practiced at all levels in the entire service delivery cycle. You can read more about this on following links

• GDPR compliance: https://docs.uknowva.com/security-compliance/299-how-does-uknowva-ensure-gdpr-compliance
• Overall security architecture: https://uknowva.com/security
• Regular VAPT reports are conducted to ensure overall security: https://docs.uknowva.com/security-compliance/vapt-reports
• Additionally we are SOC2 compliant and ISO 27001 certified. Customers can request at anytime for the latest certificate copies by writing to helpdesk[at]uknowva[dot]com

Additionally, We review and update our accountability measures at appropriate intervals as and when there is any update in the policy from government authorities.