How can the GDPR data retention policy be defined for multinational companies?20th Feb 2018
From 25th May 2018, General Data Regulation Protection (GDPR) laws will take force, with the aim of refining data privacy rights of EU citizens. With the deadline now just over three months away, this is naturally forcing businesses worldwide to think about the way they organise and process data.
According to the regulation, employers should not retain personal employee data for a period longer than is necessary for its purpose; and while the idea of simply getting rid of unnecessary data seems simple, this process has the potential to be challenging in practice. HR and payroll teams must ensure that the huge volumes of employee and customer data stored in their systems is GDPR compliant at all times.
Stricter storage limitation
To give some context, GDPR will introduce laws that will make the storage limitation principle considerably stricter. Soon, it will be illegal for data processing to be excessive in relation to the purpose of acquiring such information.
Specific time limits will be set for both the processing and reviewing of data, while the handling of sensitive information should remain explicit and transparent over the company’s intranet.
Keeping a data record
The period of data retention will need to be logged in a registry, with clear categories and named data owners. And if an HR department fails to comply with this, they’re left far more exposed to the risk of sanction in the case of a breach.
Furthermore, if employees feel that their HR and payroll department is holding personal data for an excessive duration, they have the right to request the data to be erased.
But while GDPR’s new retention policies may initially evoke daunting prospects for HR and payroll managers, who are reorganising massive quantities of complex employee data, the solutions are in fact simple and are likely to ensure productive and long-term benefits for companies. First, HR managers just need to identify the challenges they’ll encounter, and how different forms of data will be affected.
GDPR compliance: an international issue
For organisations who operate across multiple countries, there is no set retention policy that crosses borders. The data retention laws for each country are different. But to avoid infringement under GDPR, companies need to take the legal differences of each country into account.
So, how do HR and payroll departments manage data across countries? While each country has different rules, the nature of these regulations are similar. Firstly, they all have minimum retention periods, and the social, fiscal, corporate and administrative laws are never too dissimilar, especially between European countries.
France, for example, has a retention period of five years, while in Germany, data for those on minimum wage lasts for two years. In Belgium employee records and social documents can be kept to up to five years, while in the UK, payroll records can be held for six years from the end of the financial year.
If HR and payroll managers create a detailed calendar or report of the deadline dates for each country, and coordinate with each country’s office manager well in advance of these deadlines, infringement is easily avoidable.
In preparation for GDPR, HR and payroll managers will need to develop almost completely new internal policies of handling exactly when they should retain or discard employee, or ex-employee, data. This system will also need to factor in documents that can be used later in legal defence cases and the data retention laws affecting international offices, if the company operates in more than one country. Ultimately, if HR and payroll managers can collaborate with other departments and employees, GDPR compliance is achievable across multiple countries.
To learn more about what the Payroll Services Alliance can do for your business, please get in touch.
Latest news from around the globe
If you don’t already interact with some type of ...
It’s been a busy year for the Payroll Services A...
2018 has been a tough year when it comes to compli...
Get in Touch with Payroll Services Alliance
Save by Simplicity
Instead of having to deal with several suppliers, you can rely on one trustful partner who takes care of your entire payroll and HR at a global level.
Think Global, Act Local
Our Compliance Proof Payroll Services make sure that you are fully compliant with national and international legislation.
Use our Flexibility
Adapt your service package on an ongoing basis, according to your business needs and use our flexible volume shift when moving your business.