Personnel files, employment contracts and dismissal documents have a significant impact on both employer and employee. In the case of dismissal, moreover, proof of receipt is legally crucial, because statutory periods are tied to that moment. This article shows how to send HR documents in a demonstrably secure way and record the moment of receipt objectively.
The sensitivity of personnel files
A personnel file contains a broad range of personal data: employment conditions, salary, appraisals, absence, performance reviews and sometimes sensitive information about the employee's private situation. These data fall under the GDPR and may reach only the employee concerned and authorised staff. An accidentally leaked performance file or an inadvertently broadly shared salary statement can seriously disrupt workplace relationships and lead to liability.
GDPR art. 32 requires appropriate technical and organisational measures, matched to the risk. For personnel data this means strong encryption, control over who gains access and a verifiable audit log of the transfer.
Concrete situations in HR practice
Secure and demonstrable transfer arises in a wide range of HR situations:
- Sending an employment contract. The contract contains personal data and employment conditions that concern only the employee involved.
- Dismissal letter or settlement agreement. Documents for which proof of receipt is legally decisive, because periods are tied to them.
- Performance files. Appraisals and reports are sensitive and must not end up with unauthorised persons.
- Salary data. Payslips and salary arrangements are personal data that remain strictly confidential.
Why proof of receipt is crucial in dismissal
On termination of an employment contract by mutual consent, the statutory cooling-off period of Dutch Civil Code art. 7:670b applies: the employee may dissolve the settlement agreement within fourteen days without giving reasons. That period begins to run at the moment the agreement is concluded, and the exact starting moment is, in practice, regularly a subject of dispute.
If the employer cannot demonstrate when the employee received the document, uncertainty arises about when the cooling-off period ended and whether the termination is final. An objectively recorded moment of receipt removes that uncertainty. The same applies to other period-bound documents: certainty about who received what when is then not a formality but a legal necessity.
Demonstrably the right employee
TransferGuard offers biometric identity verification through a specialist identity verification provider: the recipient scans a passport or ID document, takes a live selfie and completes a liveness check. Only after successful verification is the document unlocked. With a settlement agreement or dismissal letter this establishes demonstrably that it was precisely the employee concerned, and no one else, who received the document, and at what moment. See how this works step by step in the verified identity demo.
Encryption and EU storage
Every file is encrypted with AES-256-GCM in the sender's browser: the data are encrypted before they leave the device, and the decryption key is only released to verified recipients after successful identity or email verification. Transport runs over TLS 1.3 and storage is in the EU, on ISO 27001-certified infrastructure. Large files are no obstacle: transfers of up to 100 GB per shipment are possible.
The verifiable audit report as evidence
Every transfer can be concluded with a verifiable PDF audit report with SHA-256 integrity check and an independent verified timestamp. The SHA-256 hash proves that the received file is exactly identical to the file that was sent; the independent timestamp records when the transfer took place. For period-bound documents such as a settlement agreement, this report is the evidence with which you can objectively substantiate the starting moment of the cooling-off period.
Proof tailored to each transfer
You decide per transfer how extensive the identity verification and the evidence file must be. For a routine exchange a light verification may suffice; for an employment contract, dismissal letter or settlement agreement (where the moment of receipt counts legally) full biometric identity verification with a verifiable audit report including integrity check is appropriate.
Practical example
The example below is anonymised and illustrative. An employer and employee reach agreement on terminating the employment, and the HR department must send the settlement agreement to the employee. The starting moment of the fourteen-day cooling-off period must later be demonstrable.
The HR department sends the agreement via TransferGuard with fully verifiable proof. The employee completes a biometric identity verification before the document is unlocked, so that it is demonstrable that the right person receives the document. The platform generates a verifiable audit report with the SHA-256 hash and an independent verified timestamp, which the employer archives with the file. Should a dispute later arise about whether the cooling-off period ran correctly, the exact moment of receipt can be established objectively.
Conclusion
HR documents combine sensitive personal data with, in the case of dismissal, periods that are tied to the moment of receipt. End-to-end encryption, EU storage on ISO 27001-certified infrastructure, biometric identity verification and a verifiable audit report protect the employee and at the same time give the employer the proof that, for period-bound documents, makes the difference between certainty and disputability.
View the full overview of features on the features page or the pricing options on the pricing page. For the broader GDPR context, see our article on GDPR requirements for file transfer.
