DATA PROTECTION IN THE PERSONNEL MANAGEMENT SYSTEM IN THE CONTEXT OF CHALLENGES AND CYBER THREATS TO INFORMATION PRIVACY
Abstract
The article presents a comprehensive analysis of the key challenges and threats related to the protection of employees’ personal data within contemporary human resource management systems. It emphasizes that information privacy constitutes an inherently interdisciplinary problem requiring an integrated approach that combines socio technical, legal, organizational and sociocultural perspectives. Information privacy based on the principles of personal information control, transparency, consent and trust. The study highlights the need for a multilayered analytical framework that considers both internal organizational processes and external environmental influences, including regulatory initiatives, international standards, political and economic dynamics, and technological risks associated with digital transformation. Special attention is given to the latest EU regulatory frameworks on data protection, artificial intelligence and cyber resilience, which introduce new obligations for organizations, including compliance with employee data protection requirements. The article underscores the specific context of Ukraine, which simultaneously faces the demands of European integration and the intensified cyber threats caused by the ongoing full-scale war, creating additional risks of confidential data leakage. It is demonstrated that the digitalization of HR processes and the adoption of HR information systems generate significant managerial advantages while also amplifying vulnerabilities to cyberattacks that pose threats of data leakage, including personal data of employees. An analysis of leading experts’ perspectives confirms that information privacy has evolved beyond a purely technical concern into a multidimensional challenge encompassing technological, social, economic, and political dimensions. The global scope of privacy-related risks was underscored, along with the imperative for coordinated action among regulators, businesses, and civil society to ensure strong safeguards for personal data and to enhance information privacy within the rapidly changing digital landscape.
References
Варіс І.О., Кравчук О.І., Бацман І.С. Концептуальні основи цифровізації менеджменту персоналу. Приазовський економічний вісник. 2023. Вип. 4 (36). С. 32-41. DOI: https://doi.org/10.32782/2522-4263/2023-4-5
Виговська В., Шолудько В., Балицька М. Державна цифрова трансформація: аналіз за 2019-2024 роки. URL: https://voxukraine.org/derzhavna-tsyfrova-transformatsiya-analiz-za-2019-2024-roky (дата звернення: 26.12.2025).
ГО «Лабораторія законодавчих ініціатив». Цифрова трансформація системи управління людськими ресурсами на державній службі, 2025. URL: https://parlament.org.ua/wp-content/uploads/2025/07/ali_brief_-digitalisation_hrmis.pdf (дата звернення: 26.12.2025).
Гусаров С. М., Мельник К. Ю. Захист персональних даних працівника. Право і безпека. 2023. № 2 (89). С.133–144. https://doi.org/10.32631/pb.2023.2.12
Державна служба спеціального зв'язку та захисту інформації України (2025). CERT-UA минулого року опрацювала 4315 кіберінцидентів. URL: https://cip.gov.ua/ua/news/cert-ua-minulogo-roku-opracyuvala-4315-kiberincidentiv (дата звернення: 27.12.2025).
Закон України «Про захист персональних даних», №2297-VI від 01.06.2010. дата Відомості Верховної Ради України. https://zakon.rada.gov.ua/laws/show/2297-17#Text
Збрицька Т., Сорока О. Управління персоналом в епоху цифрової економіки. Економіка та суспільство. 2021. Вип. 31. https://doi.org/10.32782/2524-0072/2021-31-20
Малюга Л.Ю., Шкрібляк К.П. Особливості захисту персональних даних у процесі цифровізації трудових відносин: теоретико-правовий аналіз. Науковий вісник Ужгородського Національного Університету, 2025. Серія ПРАВО. Вип. 91: Ч. 2. С. 114-120. https://doi.org/10.24144/2307-3322.2025.91.2.14
Матвєєнко І., Панченко Г. Управління персоналом в системі державної служби України в умовах цифровізації. Наукові перспективи. 2022. №9(27). https://doi.org/10.52058/2708-7530-2022-9(27)-157-170
Руденко В. О., Другова, О. С., Бріль, М. С. Діджитал-компетентність персоналу як фактор цифрової ефективності підприємств. Трансформаційна економіка. 2025. №2 (11), С. 100-106. https://doi.org/10.32782/2786-8141/2025-11-16
Ahmadon M. A. et al. Digital Privacy: Trends, Challenges, and the Future. IT Professional. 2025. Vol. 27 (3). Р. 69-77. https://ieeexplore.ieee.org/document/11029710
Ball K., Daniel E., Stride C. Dimensions of employee privacy: an empirical study. Information Technology & People. 2012. Vol. 25 (4). Р. 376–394, doi: https://doi.org/10.1108/09593841211278785
Bhave D. P., Teo, L., Dalal. R. S. Privacy at Work: A Review and a Research Agenda for a Contested Terrain. Journal of Management. 2019. Vol. 46 (3). DOI:10.1177/0149206319878254
European Parliament and Council. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). Official Journal of the European Union, 2016, L 119, Pp. 1–88. URL: https://eur-lex.europa.eu/eli/reg/2016/679/oj
European Parliament and Council. Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence (Artificial Intelligence Act). Official Journal of the European Union, L 2024/1689. URL: https://eur-lex.europa.eu/eli/reg/2024/1689/oj
European Parliament and Council. Regulation (EU) 2024/… on horizontal cybersecurity requirements for products with digital elements (Cyber Resilience Act). Official Journal of the European Union, 2024. URL: https://eur-lex.europa.eu/
Gotsch M., Schögel M. Addressing the privacy paradox on the organizational level: review and future directions. Management Review Quarterly. 2021. Vol. 73, P. 263–296. https://doi.org/10.1007/S11301-021-00239-4
Gstrein O., Beaulieu A. How to protect privacy in a datafied society? A presentation of multiple legal and conceptual approaches. Philos. Technol. 2022. Vol. 35 (3). https://doi.org/10.1007/s13347-022-00497-4
How Experts Think about Digital Privacy. IEEE Digital Privacy. 2025. https://digitalprivacy.ieee.org/wp-content/uploads/2025/07/How-Experts Think-About-Digital-Privacy.pdf (дата звернення: 25.12.2025).
Jain N., Maheshwari M., Singhal S., & Vishnoi, D. Cybersecurity in HR Tech: A review of data privacy challenges in the digital HR ecosystem. Advances in Consumer Research. 2025. Issue 2. pp. 855-866.
Labadie C., Legner C. Building data management capabilities to address data protection regulations: Learnings from EU-GDPR. Journal of Information Technology, 2023. Vol. 38(1). P. 16-44. https://doi.org/10.1177/02683962221141456
Tang A. Privacy in Practice: Establish and Operationalize a Holistic Data Privacy Program. N.Y.: Taylor & Francis Group, 2023. 450 p.
World Economic Forum. Global Cybersecurity Outlook 2025. Geneva: World Economic Forum, 2025. 44 p. URL: https://www.weforum.org/reports/global-cybersecurity-outlook-2025 (дата звернення: 26.12.2025).
Varis, I. O., Kravchuk, O. I., & Batsman, I. S. (2023). Kontseptualni osnovy tsyfrovizatsii menedzhmentu personalu [Conceptual foundations of HR management digitalization]. Pryazovskyi Economic Bulletin, 4(36), 32–41. https://doi.org/10.32782/2522-4263/2023-4-5 (in Ukrainian).
Vyhovska, V., Sholudko, V., & Balytska, M. (2025). Derzhavna tsyfrova transformatsiia: analiz za 2019–2024 roky [State digital transformation: Analysis for 2019–2024]. https://voxukraine.org/derzhavna-tsyfrova-transformatsiya-analiz-za-2019-2024-roky (in Ukrainian).
Hromadska orhanizatsiia “Laboratoriia zakonodavchykh initsiatyv” (2025). Tsyfrova transformatsiia systemy upravlinnia liudskymy resursamy na derzhavnii sluzhbi [Digital transformation of the HR management system in the civil service]. https://parlament.org.ua/wp-content/uploads/2025/07/ali_brief_-digitalisation_hrmis.pdf (in Ukrainian).
Husarov, S. M., & Melnyk, K. Yu. (2023). Zakhyst personalnykh danykh pratsivnyka [Protection of employee personal data]. Pravo i Bezpeka, 2(89), 133–144. https://doi.org/10.32631/pb.2023.2.12 (in Ukrainian).
Derzhavna sluzhba spetsialnoho zv’iazku ta zakhystu informatsii Ukrainy. (2025). CERT-UA mynuloho roku opratsiuvav 4315 kiberintsydentiv [CERT-UA processed 4315 cyber incidents last year]. https://cip.gov.ua/ua/news/cert-ua-minulogo-roku-opracyuvala-4315-kiberincidentiv (in Ukrainian).
Zakon Ukrainy “Pro zakhyst personalnykh danykh” №2297-VI vid 01.06.2010 [Law of Ukraine “On Personal Data Protection”]. (2010). https://zakon.rada.gov.ua/laws/show/2297-17#Text (in Ukrainian).
Zbrytska, T., & Soroka, O. (2021). Upravlinnia personalom v epokhu tsyfrovoi ekonomiky [HR management in the era of the digital economy]. Ekonomika ta Suspilstvo, 31. https://doi.org/10.32782/2524-0072/2021-31-20 (in Ukrainian).
Maliuha, L. Yu., & Shkribliak, K. P. (2025). Osoblyvosti zakhystu personalnykh danykh u protsesi tsyfrovizatsii trudovykh vidnosyn: teoretyko-pravovyi analiz [Features of personal data protection in the digitalization of labor relations: Theoretical and legal analysis]. Scientific Bulletin of Uzhhorod National University. Law Series, 91(2), pp. 114–120. https://doi.org/10.24144/2307-3322.2025.91.2.14 (in Ukrainian).
Matvieienko, I., & Panchenko, H. (2022). Upravlinnia personalom v systemi derzhavnoi sluzhby Ukrainy v umovakh tsyfrovizatsii [HR management in the Ukrainian civil service under digitalization]. Naukovi Perspektyvy, 9(27). https://doi.org/10.52058/2708-7530-2022-9(27)-157-170 (in Ukrainian).
Rudenko, V. O., Druhova, O. S., & Bril, M. S. (2025). Didzhytal-kompetentnist personalu yak faktor tsyfrovoi efektyvnosti pidpryiemstv [Digital competence of personnel as a factor of enterprises’ digital efficiency]. Transformatsiina Ekonomika, 2(11), pp.100-106. https://doi.org/10.32782/2786-8141/2025-11-16 (in Ukrainian).
Ahmadon, M. A. et al., (2025). Digital Privacy: Trends, Challenges, and the Future. IT Professional. 27 (3). pp. 69-77. https://ieeexplore.ieee.org/document/11029710
Ball, K., Daniel, E., Stride, C. (2012). Dimensions of employee privacy: an empirical study. Information Technology & People. 25 (4). pp. 376-394, doi: https://doi.org/10.1108/09593841211278785
This work is licensed under a Creative Commons Attribution 4.0 International License.
