Having joined the GDPR bootcamp for Marketers in Reading on the 15th of September, I wanted to share what I have learned during this full-on (but very enlightening) day in an easy-to-digest blog:
The world is undoubtedly changing. The UK currently relies on the Data Protection Act 1998, which follows the EU Data Protection Directive 1995, to control what happens to the personal data given to companies. However, this legislation is soon to be superseded by GDPR, which will be enforced across all businesses in the European Union from May 2018.
GDPR is the EU’s General Data Protection Regulation and is the result of four years’ work carried out by the EU in order to bring existing data protection legislation up to date and to standardise it across the EU.
GDPR will mean tougher fines for breaches and non-compliance, and gives the public a greater say in what companies are allowed to do with their personal data. The current legislation was enacted before the rise of internet and cloud technology and before companies like Google and Facebook, which routinely exchange users’ data, existed.
It is hoped that GDPR will strengthen worldwide trust in the digital environment and will provide businesses across the globe with a simpler, clearer legal framework within which to operate, saving organisations around €2.3 billion annually.
GDPR will apply to all EU member states from 25 May 2018, including the UK until Brexit happens. The UK Government has put forward a new Data Protection Bill, which mirrors GDPR. Once this legislation has been passed, it is expected that the UK will essentially copy the EU legislation into British law. Copying the GDPR legislation should mean that the UK’s own data protection standards are acceptable to the remaining EU countries after Brexit. Acceptance is essential in order for the UK to be ‘whitelisted’ as a safe and secure place to which EU data can be transferred, allowing international businesses that do so to remain EU trading partners.
GDPR will affect all areas of inbound and outbound marketing. It is a big opportunity for marketers to adopt a more personalised and smarter approach. The marketing team should identify new areas that drive genuine interaction with clients, prospects and/or suspects.
From the sales team’s perspective, after May 2018 they will have to adjust to more strategic data collection and management, resulting in more valuable conversations with prospects who have chosen how they want to engage with them throughout the sales funnel – a valuable way to exchange information!
Your day-to-day marketing and sales initiatives will be impacted in the following ways:
The ‘new’ principles and what you will need to be accountable for are as follows:
1. Lawfulness, fairness and transparency (How do you handle and manage your customer data?)
2. Purpose limitation (How long have you been keeping the data for?)
3. Data minimisation (What data do you currently hold, and for what purposes? Do not keep more than what’s needed.)
4. Accuracy (How accurate is the data you hold?)
5. Data retention (Is the data you hold still necessary for the original purpose of processing?)
6. Security (How secure is the data you hold?)
All of the above must be consent-based data, meaning that the information was freely given for a specific purpose and the customer/lead was informed, in an unambiguous manner, about what you plan to do with it. In addition, their data must be erased at any point in time at their request, with no particular reason needed. This will bring an end to cold calling and mass e-mailing!
“Customer-business relationships are a value exchange and the benefits of getting this right are greater than legal compliance. Who doesn’t value customer trust?” - Elizabeth Denham, the Information Commissioner.
Personal data under GDPR includes:
* Anything that is classified as personal data under the DPA also qualifies under GDPR.
If the data is no longer required for its original purpose, the user has the right to demand that it is deleted (the ‘right to be forgotten’). The same applies if the user objects to the way their data was processed or collected. An organisation’s controller is responsible for the removal of data/information supplied to other organisations, e.g. Facebook, as well as any links to copies of it. Data must be stored in commonly used formats so that it can easily be moved if the owner asks, and such a request must be actioned within one month.
If a company suffers a data breach, it must inform the UK Information Commissioner’s Office within 72 hours of becoming aware of it. Before this, companies were only required to inform the people affected by the breach.
Failure to meet the 72-hour deadline could result in the imposition of a penalty of up to 2% of global revenue, or €10 million, whichever is greater. In addition, if the basic principles laid out in GDPR are not followed, companies could be fined up to 4% of their global revenue, or €20 million, whichever is higher.
There is still much work to be done in order for all EU businesses to be fully compliant with GDPR before its final implementation next year. Those who fail to prepare and put in place the necessary technology to protect their clients’ data could find themselves falling foul of hefty fines and potential ruin. However, bear in mind that if you receive a complaint despite all the efforts you have put in place, what matters most is that you have shown due diligence, which will go a long way towards minimising any consequences.
“At SD Worx we are committed to providing thought leadership around the impact GDPR will have on Payroll and HR. We are working hard to remain at the cutting-edge of readiness and support our customers in preparing for GDPR and the fast approaching deadline of May 2018.” - Suhail Khan, Chief Marketing Officer.
Cindy Berichon, International Marketing Manager (Global)
2 October 2017