GDPR checklist: 4 months to prepare (Part 2)
With the GDPR deadline just four months away, are you prepared? To help get your HR and payroll department ready for when the regulation takes effect on 25th May, we’ve put together a checklist of essential steps to compliance.
Earlier this month we explored getting to grips with employee rights, making an inventory of data, and rethinking data retention. This post will explore the final two points on our checklist: ensuring compliance with your HR and payroll business partners, and implementing privacy and security into your HR project management life cycle.
Compliance is key – don’t forget your HR and payroll business partners
If you cannot sufficiently guarantee that third parties you work with—including business partners—are compliant, GDPR makes you liable as a data owner or ‘data controller’.
Businesses need to review their complete list of HR/payroll business partners, and evaluate if they have access to your personal data. By doing this now, you can ensure you are prepared in advance of 25th May. Request a clear statement, and more information from your partners on what they are doing to ensure they are compliant by the deadline. Don’t be afraid to challenge them.
Ensure a GDPR compliant data handling agreement is set up with any third parties, and have a checklist at hand for going through proposed agreements. Finally, ensure GDPR requirements are integrated in RFI/RFP templates and update your partner selection process to avoid selecting non-compliant partners.
Revise privacy and security measures
With GDPR very much on the horizon, it’s time to implement privacy and security into your HR project management lifecycle.
To do so, businesses will need to follow several important steps. For example, start with defining and documenting security and privacy requirements as part of every HR project, test the requirements before you go live and review the existing security measures in your HR department from a data subject point of view.
Finally, HR and payroll managers will need to take the lead in departments by demonstrating and emphasising the importance of following security policies; business leaders will need to set an example organisation-wide.
-
By completing our checklist, you can relax in the knowledge that your HR and payroll department is fully compliant by the time the GDPR deadline arrives. To make sure you are ready, take full ownership of your data and, first and foremost, get to grips with the regulation’s implications to avoid the strict penalties of GDPR. Prepare now, or risk paying for it later.
Missed Part 1 of our GDPR countdown checklist? Click here to read the blog.
To read more about GDPR, including our statement, click here. SD Worx aims to give guidance and provide news on this historic legislation from an HR and Payroll stand point which will impact businesses across the globe. For more information please visit our GDPR Page or, please email WeAreGlobal@sdworx.com
Related articles
Mandatory protection for whistleblowers – be prepared on time
By December 17, 2021, Belgium will need to have implemented the European Whistleblower Directive. From then on, organisations and companies must have a workable internal reporting channel in place for whistleblowers who expose abuses. Belgium is still lagging behind, but we are already taking steps to move forward.
Getting it Right: Small and Mighty Payroll
There’s a common misconception that payroll offerings are only necessary when your organisation reaches a certain size. However, small companies should not overlook partnering with a payroll provider that fits their needs, especially when they’re looking to expand into new regions.
Why choose a payroll provider with an ISAE 3000 attestation
Outsourcing HR tasks such as payroll implies handing highly valuable company and personnel information over to an external partner. How can you guarantee they handle those data professionally, with integrity and confidentiality, and in compliance with the strict EU General Data Protection Regulation (GDPR)? The answer: ISAE 3000 attestation.