ENEXI
With the advent of GDPR, the processing of HR data has fundamentally changed. Information about why an employee is not at work is divided into normal operational (e.g., Home-office or Business trip) and highly sensitive (Doctor, Sick leave, Family care, Blood donation).
The conflict between transparency and privacy
On the one hand, we need colleagues to know not to wait for a person. On the other hand, legislation strictly forbids a shared company calendar, visible to 50 people, from saying "Joseph – Urologist visit". This data belongs exclusively in the hands of the HR department and the payroll accountant for salary calculation purposes.
In ENEXI, we solved this problem at the architectural level with the concept of Privacy by Design.
Data Anonymization Process (Data Masking)
From a technical perspective, the ENEXI system distinguishes between the internal Payload (data for payroll calculation) and the external Payload (data sent via API to Microsoft / Google services).
- Category Mapping: The administrator sets in the system which types of interruptions should be considered sensitive.
- Substitution (Masking): Before ENEXI sends a request to the external calendar API, it intercepts the sensitive reason (e.g., "Doctor visit with a pass") and replaces it with a generic string, such as "Out of Office" or "Busy".
- Metadata Security: No hidden metadata is transferred to external systems from which the original reason could be reverse-decoded.
"Ensuring GDPR compliance doesn't mean returning to paper books. It means using software that understands the difference between a payroll document and information for a colleague from marketing."
Thanks to this anonymization layer, the company can enjoy all the benefits of fully automated shared calendars while guaranteeing employees that their health and personal data will not leave the secure gates of the HR department.