Data Privacy Compliance in HR - Selection

Bagging the Second Interview

Norah paced up and down her apartment, her phone flattening her ear as she tried to retain everything Mrs Morton, the recruitment agent, was telling her. She recalled her previous visit with Mrs Morton where she unintentionally became some personified data protection software and grilled Mrs Morton about the company’s need for all her personal information. The good news was that she actually landed a second (and hopefully final) interview at The Rolling Scone. The better news was that the job was based in Scone HQ on Black Forest Drive. Not only was she selected…they also wanted her to be on their digital marketing team…in a lavish and upmarket office. Before her daydreaming swept her away, she jotted down the details and headed down to the Scone.

Norah’s Personal Issues with Personal Information

“Congratulations on making the shortlist, Norah,” said Gordon, the creative director, while he went through her interview sheet. “Irene told me you were checking up on our data privacy compliance. Do you have a background in data privacy?”

“Oh no I’m just paranoid,” Norah half joked.

“Ha! I guess you have to be these days. We checked out your social media and it well…checks out.”  

Norah felt her anxiety being put on the back burner as Gordon seemed a lot more relaxed than the recruitment agent.

“Your allergies are a non-issue now that you won’t be in the factory – no chances of sneezing in the cake flour,” he reassured her. Norah felt compelled to tell him the story of her sneeze muffins but thankfully she was saved by the bell of Gordon’s smart watch. “Just going to pop out for a sec… oh yes, while I’m gone, you can fill in this form.”

As he dashed out, Norah filled in her particulars at the speed of light. She didn’t want to spend another second of her life not working at this dream office. Their board meeting table was shaped like a Bundt cake for crying out loud! But as she scanned the form, a familiar feeling came over her. “Uh oh, I… have… questions!”

A Privacy Compliance Quiz


“Winning?” said Gordon as he skated back into the office holding some cake box prototypes.

“What do I fill in where you ask if I belong to a trade union?” Norah just decided to come out with it.

“Oh, don’t bother about that – it doesn’t apply to your job”.

Norah wondered why they asked for it in the first place. “Alright and what does it mean when you say that you may process information about my health?” she probed.

“You’ve really never worked in GDPR compliance? CCPA? No? Okay, the health question… Well, let’s say you are off sick – the company usually requests a sick note from your GP,” he answered while sizing up the boxes.

“I see. And when you say ‘monitoring’, what kind of monitoring are we talking about here?” Norah scrunched up her face which made Gordon chuckle.

“That’s our IT guys – they need to maintain the security of our systems, so they monitor usage. And I believe the company is going to install CCTV on the factory floor. Irene wasn’t kidding about your privacy compliance curiosity. Did I answer everything to your satisfaction, Ms Wallace?”

“I know right, like who’s conducting the interview here, you or me!” Norah turned red and laughed as she hoped her awkward joke would land.

“See, I knew you were gonna fit right in here,” Gordon laughed with a bit of a grimace. “One more thing before I send you on your way…there’s a box here that’s the perfect design while the other 2 are garbage. Which is that box?”

“No-brainer,” Norah declared, “It’s the middle one.” She heard herself swallow as she stared at him for reassurance, but he just stared back. Did she nail this interview? Or completely wreck it in 5 seconds? A week later she received an email with an answer to her question…

Those in the know, say…


The company might well have a legitimate interest in monitoring their IT networks, but it’s important that they perform an impact assessment, properly inform their employees, and ensure the data collected is not used for any other purpose.

Deploying CCTV will almost certainly demand a Data Protection Impact Assessment.

The filing of sick notes requires rigorous security measures, especially if uploaded to the cloud. Sick notes should have a very limited retention period, i.e. only to corroborate the employee’s absence.

Go Norah! - holding thumbs for you.
