![]() |
Key Security Offerings
|
|
![]() |
|
|
|
PII and GDPR
|
One Model contains Privacy by Design
- Only the data provided/permitted by the customer is transferred to OM
- Application level Role Based Security provides manageable access to data
- OM staff only have access to data where required to support the customer
- All data encrypted in transit and at rest
Consent
- OM does not collect data directly from the employee, it consumes/processes data from HR systems.
- Consent is handled by the Customer
- OM will never process data in a fashion not requested or configured by the Customer
Right to Access
- Multiple options exist for providing access
○ Give the employee a user to access OM where their role is linked to their own data point.
○Dashboards/Reports aimed at providing individual information can be created for distribution on request to the employee.
Data Portability
- N/A to the OM application but we can facilitate the export/transfer of data for an employee using the options in Right to Access.
Right to be forgotten
- Primarily handled through the source system. OM is synchronized with the source so removal from the source system will remove from OM on the next synchronization.
- If a data source is being held statically these persons can be removed via the data models so they are no longer processed or removed from the data store via an sql query to remove. OM will facilitate this process where the customer does not have the resources to complete.