With 2018 now upon us, this is officially the year that GDPR comes into force. With just four months to go until the May deadline, organisations across the world are making the necessary preparations to ensure compliance and avoid penalties in the form of hefty fines.
Here’s what you need to know:
The General Data Protection Regulation (GDPR) is a new EU law that changes the way organisations handle personal data. It replaces the 1995 Data Protection Directive and, in the UK, the Data Protection Act 1998. The regulation takes effect on 25th May this year. From that date, individuals gain greater control over how their personal data is handled, and organisations face stiffer consequences for handling data incorrectly.
For example, Article 33 of GDPR requires organisations to report a personal data breach to the supervisory authority within 72 hours of becoming aware of it, where feasible, and Article 34 requires them to inform affected individuals without undue delay when the breach is likely to put those individuals at high risk. Fines under the regulation can reach 4% of total global annual turnover or EUR 20 million, whichever is higher, not to mention a harsh blow to business reputation.
It is assumed by many that GDPR will only affect businesses in the EU. This is not the case. GDPR applies to any organisation, regardless of where in the world it is based, that processes the personal data of individuals in the EU, for example by offering them goods or services or by monitoring their behaviour.
Although existing legislation places its obligations almost entirely on data controllers (the organisations that decide why and how personal data is processed), the new regulation also imposes direct obligations on data processors, the companies that process data on behalf of controllers, including payroll providers.
As any professional in the industry knows, a great deal of personal data is held in HR and payroll departments, including sensitive financial data. It is therefore extremely important that such departments prepare for GDPR now, before it is too late.
Once the regulation is in force, employees will have several rights over the personal data that payroll teams handle, including the right of access and the right to erasure. GDPR also requires businesses to keep a record of their processing activities (Article 30), covering the personal data they hold, the categories of individuals it relates to, the purposes of processing and who it is shared with, in order to demonstrate compliance.
Additionally, payroll departments will need to carefully consider their data retention policies. Existing data privacy law already states that organisations may hold personal data only for as long as is necessary for the purposes of processing, and no longer. GDPR takes this further: it introduces the right to erasure (the right to be forgotten), and businesses that do not comply face heavier penalties than ever before.
HR and payroll departments, and businesses overall, need to ensure that any data they hold is processed lawfully and protected in line with the regulation. Third-party relationships must not be forgotten either: under GDPR, a controller remains responsible for the personal data it hands to processors and business partners, may only use processors that provide sufficient guarantees of compliance, and must bind them with a written contract.
When it comes to security, GDPR does not prescribe a fixed list of technical controls. Instead, Article 32 requires organisations to implement technical and organisational measures appropriate to the risk, citing pseudonymisation and encryption as examples, and the regulation places greater weight on privacy and risk management principles generally. As a result, HR and payroll departments will be required to assess their risks and adopt appropriate responses to them.
To ensure compliance, businesses must embed security and privacy not only in payroll departments but across the entire organisation. Those at the top must practise what they preach, setting a good example when preparing for GDPR and remaining compliant beyond the deadline.
Instead of having to deal with several suppliers, you can rely on one trusted partner who takes care of your entire payroll and HR at a global level.
Our Compliance Proof Payroll Services make sure that you are fully compliant with national and international legislation.
Adapt your service package on an ongoing basis, according to your business needs and use our flexible volume shift when moving your business.