1. Home>
  2. Resources>
  3. Privacy & Security>

GDPR checklist: 4 months to prepare (Part 2)

With the GDPR deadline just four months away, are you prepared? To help get your HR and payroll department ready for when the regulation takes effect on 25th May, we’ve put together a checklist of essential steps to compliance.

Earlier this month we explored getting to grips with employee rights, making an inventory of data, and rethinking data retention. This post will explore the final two points on our checklist: ensuring compliance with your HR and payroll business partners, and implementing privacy and security into your HR project management life cycle.

    Compliance is key – don’t forget your HR and payroll business partners

    If you cannot sufficiently guarantee that third parties you work with—including business partners—are compliant, GDPR makes you liable as a data owner or ‘data controller’.
    Businesses need to review their complete list of HR/payroll business partners, and evaluate if they have access to your personal data. By doing this now, you can ensure you are prepared in advance of 25th May. Request a clear statement, and more information from your partners on what they are doing to ensure they are compliant by the deadline. Don’t be afraid to challenge them.
    Ensure a GDPR compliant data handling agreement is set up with any third parties, and have a checklist at hand for going through proposed agreements. Finally, ensure GDPR requirements are integrated in RFI/RFP templates and update your partner selection process to avoid selecting non-compliant partners.

      Revise privacy and security measures

      With GDPR very much on the horizon, it’s time to implement privacy and security into your HR project management lifecycle.

      To do so, businesses will need to follow several important steps. For example, start with defining and documenting security and privacy requirements as part of every HR project, test the requirements before you go live and review the existing security measures in your HR department from a data subject point of view.

      Finally, HR and payroll managers will need to take the lead in departments by demonstrating and emphasising the importance of following security policies; business leaders will need to set an example organisation-wide.


      By completing our checklist, you can relax in the knowledge that your HR and payroll department is fully compliant by the time the GDPR deadline arrives. To make sure you are ready, take full ownership of your data and, first and foremost, get to grips with the regulation’s implications to avoid the strict penalties of GDPR. Prepare now, or risk paying for it later.
      Missed Part 1 of our GDPR countdown checklist? Click here to read the blog.

      To read more about GDPR, including our statement, click here. SD Worx aims to give guidance and provide news on this historic legislation from an HR and Payroll stand point which will impact businesses across the globe. For more information please visit our GDPR Page or, please email WeAreGlobal@sdworx.com