hr-system-privacy-config
HR System Privacy Configuration
Overview
Enterprise HR systems are the central repository for employee personal data, processing everything from recruitment to retirement. Systems like SAP SuccessFactors, Workday, and BambooHR contain names, addresses, national identifiers, salary data, performance evaluations, absence records, health-related fitness conclusions, disciplinary records, and benefits information. The default configuration of these systems is designed for operational efficiency, not GDPR compliance. Privacy professionals must actively configure role-based access controls, data retention automation, cross-border transfer settings, audit logging, and field-level security to ensure that the HR system enforces — rather than merely documents — privacy requirements.
This skill provides configuration guidance for the three most widely deployed HR platforms, focusing on the privacy-critical settings that determine who can see what data, how long data is retained, and how data subject rights are facilitated.
Cross-Platform Privacy Requirements
Requirement 1: Role-Based Access Controls (RBAC)
Principle: No employee should have access to more HR data than is necessary for their specific role. Line managers need access to their direct reports' data; HR business partners need access to their client group; payroll needs salary and tax data; IT administrators need system access but not data content.
Standard RBAC Matrix: