SD Worx European Conference 2018: Top Five Lessons on Implementing GDPR-Reading time: 3 Minutes
In February, SD Worx hosted its European Conference 2018 at Hilton on Park Lane, London, with over 800 attendees and 30 expert speakers. One of the sessions, titled ‘How to be internationally compliant in a digital world’, was hosted by Gert Beeckmans, chief risk and security officer SD Worx, and Frank Rudolf, director of payroll at PAREXEL. Here are their top five lessons on implementing GDPR:
1. It’s not just about IT
Don’t dive too deep into technicalities. Take a dual approach: (1) IT and systems (2) organisation. HR and payroll managers should take a lead on creating awareness of GDPR within the organisation, providing employee training on data privacy, helping to create corporate policies and standard operational procedures and giving guidance. GDPR is all about the rights of individuals and their data and the way organisations manage and protect that data.
2. C-level buy in is essential
Senior management should publicly acknowledge the fact GDPR is coming into force and drive through the organisation the idea of getting ready for it. The CEO should own this, while delegating down tasks and responsibilities.
3. GDPR rights are balanced with the rights of the organisation
While there are heavier penalties for non-compliance, new rights to data portability and erasure (the right to be forgotten) and the need to specify a data retention period, this must be balanced with other legislative requirements, such as employment law. Make sure you check with relevant colleagues before making data changes.
4. You are not alone
HR and payroll is part of a data ecosystem and your third party systems and software providers need to demonstrate that they are compliant. Ask questions and challenge your providers.
5. You will not get it perfect first time
This is a new framework and, in the absence of any case law, you can only interpret GDPR. It is likely you will have to correct it. This is a milestone – regulators will want to see you have a demonstrable process and evidence that you are serious about this. Have a clear action plan and check on a country by country basis.
More information please contact us.
Why choose a payroll provider with an ISAE 3000 attestation
Outsourcing HR tasks such as payroll implies handing highly valuable company and personnel information over to an external partner. How can you guarantee they handle those data professionally, with integrity and confidentiality, and in compliance with the strict EU General Data Protection Regulation (GDPR)? The answer: ISAE 3000 attestation.
Going Global? Here are 5 advantages of outsourcing your payroll
In this increasingly globalised world, there is a vast array of opportunities for businesses to explore. For companies looking to expand their international reach, payroll is one of the biggest consideration factors.
GDPR Data Register: What you need to know
Our webinar, titled ‘GDPR: Completing the Data Register’, and hosted by Gert Beeckmans, Chief Risk & Security Officer at SD Worx, and Laurent De Surgeloose, Lead Lawyer at global law firm DLA Piper, explored the importance of data registers and what HR and payroll professionals need to know.