Privacy Case Study

Human Capital Journey

[Diagram: Recruitment (Background Check, Psychological Test); Onboarding (Contract Administration); Compensation and Benefit (Payroll, Insurance, Leave); Organization Management; Performance Management; Disciplinary; Career Development and Talent Management; Resignation & Termination]

CHOSEN CASE STUDY

• Recruitment
  • Background Check
• Compensation and Benefit
  • Salary
  • Insurance
Case Study - Insurance
Insurance Process Business
Considerations | Description
Name of business process that involves processing of personal data | Insurance Benefit
Purposes for processing personal data | To provide insurance for employees, namely health insurance and retirement pension
Type of personal data processed | Family Registration Number, ID Number, Employee ID Number, Name, Salary Amount, Email, Phone Number
Collection Points | HR Portal
Means of collection | Excel file sent by chat or email
Collection Risks | No consent given, and the purpose of the data processing is not communicated
Usage/Processing Risks | Use for purposes beyond health insurance, difficulties in changing personal data
Disclosure Risks | Lack of information security awareness among HR personnel
Storage/Disposal Risks | Data retention is not defined and implemented, inadequate security technology for the storage
Scenario
■ XYZ Corporation is a multinational company with an HR department that manages employee
benefits, among them retirement pension insurance and health insurance for the employee and
the employee's spouse and children. The insurance payments are deducted from the employee's
salary.
■ Alex has just been accepted as an employee. HR personnel message him through personal chat,
asking him to fill in a lot of personal data in an Excel file. They tell him only that it is
required for contract administration. Alex does not feel comfortable giving away so much
personal information without knowing the detailed purpose, but he fills it in anyway.
■ After Alex has worked for 1 year, his daughter gets sick and needs to use the health insurance.
But when he arrives at the hospital near his house, the hospital rejects them because his
daughter's health insurance has not been paid. Alex is furious: his daughter's insurance is
supposed to be paid monthly through deductions from his salary. He wants to pay the insurer
directly, but the insurance company's policy does not allow it, because the payment must come
from the company where Alex works. So Alex decides to check his family members' data in the
company system to make sure his daughter's data is being processed for the insurance, but the
HR website gives him no option to view or edit his family members, nor any option for the
insurance payment. He complains to HR through personal chat, but there is no improvement in
his case for 3 months, and during those 3 months he cannot use the insurance benefit for his
daughter.

Case Study - Salary
Salary Payment Process Business
Considerations | Description
Name of business process that involves processing of personal data | Salary Payment
Purposes for processing personal data | To process the payment of the salary for the employee
Type of personal data processed | Workplace, employment status, structural level, functional category
Collection Points | HR Portal
Means of collection | Excel file sent by chat or email
Collection Risks | Invalid data
Usage/Processing Risks | Use for purposes beyond salary
Disclosure Risks | Access by unauthorized entity, data theft
Storage/Disposal Risks | Data retention is not defined and implemented, ex-employee data is still processed
Scenario
■ XYZ Corporation is a multinational company with an HR department that
manages employee benefits, one of which is salary.
■ A former employee, John Doe, who had left the company three years
ago, discovers that he can still access the employee portal using his old
login credentials. To his surprise, he realizes that the system is still
processing monthly salary payments to his bank account. John, curious
but ethical, decides to inform the HR department about the issue. The
fact that payments were still being made to John's account raises
concerns about financial discrepancies, potential fraud, and
mismanagement of company funds. The company may be in violation of
data privacy regulations by not properly managing user access and salary
payments to former employees. An internal investigation will be required
to determine how and why the payments to former employees were still
being processed, potentially uncovering internal lapses or system
vulnerabilities.
Case Study – Background Check
Background Check Process Business
Considerations | Description
Name of business process that involves processing of personal data | Recruitment for Background Checking Process
Purposes for processing personal data | To conduct Candidate Evaluation, Verification, Compliance with Regulatory Requirements, Security Screening, Contact and Communication
Type of personal data processed | (Detailed on the next slide)
Collection Points | Google Form
Means of collection | Spreadsheets managed via Google Forms
Collection Risks | Inaccurate Data, Lack of Data Accuracy
Usage/Processing Risks | Unauthorized Usage (use for purposes beyond background check)
Disclosure Risks | Inadvertent Sharing, Lack of information security awareness among HR personnel
Storage/Disposal Risks | Data retention is not defined and implemented, Data Mishandling

Scenario
■ This scenario outlines the worst-case situation in which an HR (Human
Resources) staff member responsible for handling the background check process
is either reassigned or terminated from their role. The HR staff member has full
access to the background information collection spreadsheet.
■ However, after this change, access to the spreadsheet is revoked or restricted
in accordance with company policies. When the replacement staff has not
been identified or granted access yet, the Background Check process comes to
a halt, potentially negatively impacting the recruitment and candidate
selection process. Continuity and security of the process become a concern in
this worst-case scenario.
