GDPR: One month to go-Reading time: 4 Minutes
With the 25th May deadline only a month away, it is more important than ever for HR and payroll departments to ensure that they are GDPR compliant. If organisations are not compliant the penalties are significant, with fines of up to €20m or 4% of global revenue, and companies will undeniably suffer from significant brand damage.
So, what should HR and payroll teams do during the next month to ensure that they are compliant and ready by the deadline?
Understanding data regulations
New GDPR regulations don’t just apply to customer data. Under GDPR, organisations will have to ensure that the rights of employees are also compliant to avoid potential fines. To achieve this, organisations should produce a clear and understandable intranet page that inform employees of how their data rights are changing.
To handle future employee requests, HR and payroll teams should ensure they have a clear method in place. The intranet page can be used for employees to know where they can issue a request, while the HR and payroll team should know which member is responsible for handling and processing the requests.
HR and payroll teams should be able to produce clear evidence that the organisation is handling data in a way that complies with GDPR at all times to remain compliant.
Updating the data register
The thought of developing a new, GDPR compliant data register may seem like a daunting task. However, there are many ways to set up and maintain a data register with ease. It is possible to adapt an existing register into a GDPR compliant format: our GDPR Data Register blog provides specific information of what organisations need to know.
Under GDPR, organisations must ensure that they can detail the reasons as to why they are keeping all data. To remain compliant, organisations will be required to keep a record of the personal data they process. The organisation’s inventory must clarify data in categories (including employee performance data, payroll data, etc.), with each category assigned an information owner that are responsible for keeping the register compliant updated.
As important as it is to ensure that the HR and payroll department is working towards GDPR compliance, they should not be working alone. It is important that multiple departments (from IT to legal) liaise with each other, as GDPR will affect the entire organisation.
Organisation-wide awareness is key to compliance: leadership buy-in and ownership is vital. Creating easy-to-follow procedures and communicating early will help the organisation to collaborate in working towards becoming GDPR compliant.
Communicate how the organisation will be compliant by issuing a company statement which clarifies the organisation’s plans. Providing evidence is vital to make sure that the company can demonstrate GDPR compliance to both data regulators and clients. If an organisation is not ready by the May 25th deadline, it should instead provide proof that it have been appropriately working towards compliance to avoid a penalty.
If HR and payroll teams, and employees, have a clear operating procedure to follow, it is more likely that the transition to GDPR compliance will be a smooth one. To find out more, read our Top Five Lessons on Implementing GDPR.
For more information on how SD Worx can help your global payroll needs, please contact us here, or for general enquiries email us at WeAreGlobal@sdworx.com.
Why choose a payroll provider with an ISAE 3000 attestation
Outsourcing HR tasks such as payroll implies handing highly valuable company and personnel information over to an external partner. How can you guarantee they handle those data professionally, with integrity and confidentiality, and in compliance with the strict EU General Data Protection Regulation (GDPR)? The answer: ISAE 3000 attestation.
Going Global? Here are 5 advantages of outsourcing your payroll
In this increasingly globalised world, there is a vast array of opportunities for businesses to explore. For companies looking to expand their international reach, payroll is one of the biggest consideration factors.
GDPR Data Register: What you need to know
Our webinar, titled ‘GDPR: Completing the Data Register’, and hosted by Gert Beeckmans, Chief Risk & Security Officer at SD Worx, and Laurent De Surgeloose, Lead Lawyer at global law firm DLA Piper, explored the importance of data registers and what HR and payroll professionals need to know.