Looking to use online HR system. Who liable GDPR

If we use an online HR system and there is a data breach their end, are we still liable

Didn't find your answer?

Good morning.

If we use a third-party online HR system and there is a data breach their end (their website), are we still liable?

Here is what I THINK but I am NOT at all convinced! 

We want to use an online HR system. I understand if we are stupid and use a rubbish password and it gets "broken into" due to our stupidity then it's our fault. 

What happens though, if the system is hacked and it's not our fault, it's the fault of the software / website developer? 

Do we still make a report to Data Protection (I think yes); or is it the website developer?

And in that scenario, who covers the cost for telling the Staff and any possible claims? 

I'm trawling through their T&Cs and it doesn't really make it clear anywhere. 

This is an online provider, it is not bespoke nor exclusive to us.

Many thanks 

Replies (1)

Please login or register to join the discussion.

avatar
By Ranse
10th Jul 2018 20:10

......maybe thinking between the lines data controller vs. data processors will help you answer some of the above questions.

Thanks (0)