GDPR: 3 ways to remain compliant
With less than a month until GDPR comes into effect, organisations around the world should now be working towards compliance. HR and payroll teams should be collaborating with other departments within the organisations—including IT and legal—alongside third-party providers and partners.
Becoming compliant by the May 25th deadline can be difficult, as there are various aspects that need to be taken into consideration. However, once a company achieves compliance, what happens next? Here are three ways that organisations around the world can remain compliant after the GDPR deadline.
1/ Continuing compliance
Employee churn in a company is natural, but to remain GDPR compliant, companies must replace individuals that have a GDPR responsibility within the organisation. It’s obvious that if the Data Protection Officer leaves the company, the organisation must find an alternative DPO. However, if a HR and payroll individual is responsible for updating the data register, for example, the organisation must find a new employee to take on that role if the individual is sick or leaves the company. By doing this, organisations will remain compliant, as the roles will continue to be replaced or covered.
2/ Doting on the data register
Once a data register is in place, it is paramount that it is kept up to date. The HR and payroll department—who is often responsible for the data register of employee data—should ensure that there are set dates to review, process, and remove/destroy data from the register. If there are gaps in the data register, the organisation might become non-compliant, so it’s essential that the data register is given plenty of attention.
3/ Be prepared
Even if a company achieves compliance, there is still a risk that something can go wrong—whether through a hack or data breach. If something does go wrong, it’s essential that the company is prepared, and knows what to do. Organisations should discuss who oversees and implements various actions, including notifying the right authorities, notifying customers, and rectifying the problem.
Although certain individuals will be responsible for various actions, each department should also be aware of their role if non-compliance occurs. By having a plan in place, the issue will be rectified quickly and efficiently.
GDPR compliance should be taken seriously, as the penalties are severe: organisations can face fines of up to €20m, or 4% of global revenue, alongside brand damage. Becoming compliant is one challenge, but remaining compliant should also be a priority in organisations around the world.
SD Worx aims to give guidance and provide news on this historic legislation from an HR and Payroll stand point which will impact businesses across the globe. For more information please email WeAreGlobal@sdworx.com