GDPR checklist: 4 months to prepare (Part 2)
With the GDPR deadline just four months away, are you prepared? To help get your HR and payroll department ready for when the regulation takes effect on 25th May, we’ve put together a checklist of essential steps to compliance.
Earlier this month we explored getting to grips with employee rights, making an inventory of data, and rethinking data retention. This post will explore the final two points on our checklist: ensuring compliance with your HR and payroll business partners, and implementing privacy and security into your HR project management life cycle.
Compliance is key – don’t forget your HR and payroll business partners
If you cannot sufficiently guarantee that third parties you work with—including business partners—are compliant, GDPR makes you liable as a data owner or ‘data controller’.
Businesses need to review their complete list of HR/payroll business partners and evaluate whether they have access to your personal data. By doing this now, you can ensure you are prepared in advance of 25th May. Request a clear statement and more information from your partners on what they are doing to ensure they are compliant by the deadline. Don’t be afraid to challenge them.
Ensure a GDPR-compliant data handling agreement is set up with any third parties, and have a checklist at hand for going through proposed agreements. Finally, ensure GDPR requirements are integrated in RFI/RFP templates, and update your partner selection process to avoid selecting non-compliant partners.
Revise privacy and security measures
With GDPR very much on the horizon, it’s time to implement privacy and security into your HR project management lifecycle.
To do so, businesses will need to follow several important steps. For example, start by defining and documenting security and privacy requirements as part of every HR project, test the requirements before you go live, and review the existing security measures in your HR department from a data subject’s point of view.
Finally, HR and payroll managers will need to take the lead in departments by demonstrating and emphasising the importance of following security policies; business leaders will need to set an example organisation-wide.
By completing our checklist, you can relax in the knowledge that your HR and payroll department is fully compliant by the time the GDPR deadline arrives. To make sure you are ready, take full ownership of your data and, first and foremost, get to grips with the regulation’s implications to avoid the strict penalties of GDPR. Prepare now, or risk paying for it later.
To read more about GDPR, including our statement, click here. SD Worx aims to give guidance and provide news on this historic legislation from an HR and payroll standpoint, which will impact businesses across the globe. For more information, please visit our GDPR Page or email WeAreGlobal@sdworx.com.