In an increasingly digital world, the question arises for employers and employees as to which rules and regulations must be observed with regard to project time recording. With the General Data Protection Regulation (GDPR), project time recording has also been viewed in a new light, as personal data is involved here that is subject to strict regulations. As a company, you are therefore obliged to ensure that the recording and storage of this data complies with the legal requirements. To ensure that you can record, store and process your project times in compliance with the law, we at ZEP focus on the security of your data!
The GDPR is a Regulation of the European Unionwhich regulates the handling of personal data in public spaces. It was introduced on 25 May 2018 to harmonise data protection policies across the EU. The GDPR applies to groups, companies, authorities, practices, associations and both inside and outside the European Union. Outside the EU, the rules apply as soon as personal data of EU citizens are processed or the data controller has an establishment within the EU (Art. 3, GDPR).
Well, personal data are, according to Article 4 of the DGSVO Information that refers to identifiable natural persons. A person is identifiable if an identification determination or classification is possible on the basis of certain criteria. This can be, for example, the name, the personnel number in companies, the appearance or also individual time recording data. Yes, these data can also be used to identify a person! For this reason, (project) time recording is also subject to the provisions of the GDPR. You as a company must therefore deal with the question of what is allowed and what is not allowed in work and project time recording. Above all, this is correct, objective and precise recording that is transparent and systematic - as in the ECJ decision from 2019 or BAG ruling from 2022 for recording working time. Project time recording can be done using different devices or techniques, but as a company you need to make sure that they are compatible with the following Requirements of the GDPR correspond:
In addition to the GDPR, IT security is of course also very important in project time tracking. If you store time recording data using software for project time recording, you must ensure that the data is treated confidentially. Ideally, the server for this is located in Germany to ensure compliance with the General Data Protection Regulation. Some project time tracking software providers - such as ZEP - host their software with ISO 27001 certified partners, which ensures compliance with information security guidelines.
Does your company have a works council? Then you should note that according to § Sec. 87 (1) no. 6 of the Works Constitution Act (BetrVG) has a right of co-determination in the introduction of a time recording system. However: The works council must also consider the GDPR-compliant aspects of (project) time recording. Agreements between works council and employer should include the following points on working time and project time recording:
The much-discussed BAG ruling on working time recording has now shaken up the entire working world. In this context, the big question for you is of course "How secure is project time recording with ZEP? Well, for over 20 years, we have placed the greatest value on the security of your data during development and hosting! In terms of the DSGVO, more specifically in terms of , we naturally work with order processing contracts, which we conclude with each customer as soon as the contract is signed. This ensures that we meet the data protection requirements that apply to Germany according to the DSGVO. All data you collect with ZEP is stored and processed exclusively in high-security data centres. What else can you expect from us in terms of data protection?
We understand that the security of your internal data is a top priority. That's why we have set strict standards for protecting your data in the cloud. All our hosting partners are ISO/IEC 27001 certified and thus meet the highest security standards. In addition, we place great emphasis on physical security aspects when selecting our data centres, including fire protection measures and uninterruptible power supply. In this way, we ensure that your data is safe and secure at all times, even from unforeseen dangers. The permanent monitoring of accessibility and the capacities of our servers offer you reliable 24/7 access to your project time recording data with ZEP - secure, digital and DSGVO-compliant.
We have taken precautions to prevent the nightmare of a complete data loss. An automated redundant data backup is carried out in our data centres, which is also stored in encrypted form. The backup intervals here range from daily for the first 14 days and then increasing intervals up to 133 days, i.e. for you: on day X there is a backup for each customer with the age 1 day, 2 days, etc. up to 133 days. This way you can pull a necessary backup of your ZEP version if the worst comes to the worst. On the one hand, this ensures the security of your project time recording data and, on the other hand, enables a quick recovery in case something does go wrong. In the unlikely event of a total system failure, we have built in another false bottom thanks to our Disaster Recovery Concept.
As the protection of your data is particularly important to us, we have made data protection a central part of our service promise. 2023 ZEP was again certified as "Certified Cloud" by the industry association Cloud Ecosystem e.V.- What does that mean for you? Our Co-Managing Director Benny Hahn explains: "Certifications provide us with an excellent opportunity to have our project time tracking software reviewed and evaluated by independent third parties. This gives our customers the security of using a tool that meets all current requirements for a cloud-based software solution."
So you see, we are aware of our importance as a Software provider for project time recording We are aware of this and therefore rely on external certifications to give you the certainty that you have a reliable partner at your side. However, if you have any questions about our software, the security of your data or our data centres, please do not hesitate to contact us. We are here for you!
Content Marketing Manager at provantis IT Solutions
Read article ↗
Read article ↗