With GDPR on the horizon, are your HR and payroll departments prepared? With large fines and serious damage to your business's reputation at stake for non-compliance, here is how you can work towards GDPR compliance in five practical steps:
Deal with the data rights of your employees
HR and payroll professionals hold a large amount of personal and sensitive data, and under GDPR employees gain stronger rights over that data, including the right of access, the right to rectification and the right to erasure. To help employees understand their rights as data subjects, HR and payroll teams can publish an informative intranet page that explains how employees can view, correct and request deletion of their personal data, and that offers a messaging channel for GDPR-related questions.
Complete the data register
In addition to understanding the data rights of employees, HR and payroll professionals need to know exactly what personal data they process, who is responsible for it and how it is processed. Keeping a record of processing activities is not as daunting as it sounds. The register should capture key information such as the identity and contact details of the controller, the purposes of the processing, the categories of data subjects and of personal data, the recipients of the data, the retention periods and the security measures applied. It helps to divide the inventory into categories and assign an information owner to each, who completes and keeps up to date their part of the personal data register.
Implementing an appropriate data retention policy
GDPR codifies the right to erasure, often called the right to be forgotten. Personal data that is kept longer than required therefore becomes a liability. HR departments should now establish the legal basis and business reason for keeping each category of data, together with its minimum and maximum retention periods. Have the legal department verify these periods so that the policy can be implemented as soon as possible. Do not forget to check your paper records too.
Ensuring compliance of your HR and payroll business partners
Third-party relationships present both risk and opportunity. As a data controller you remain liable under GDPR, and you may only use processors that provide sufficient guarantees that they process personal data in compliance with the regulation. At the same time, strong HR and payroll business partners can support your compliance effort and reduce the burden on your business.
Review your list of HR and payroll business partners to establish which of them have access to the personal data you control. Where a partner processes that data on your behalf, make sure a GDPR-compliant data processing agreement covering the Article 28 requirements is put in place before the regulation takes effect.
Integrating security and privacy measures in your HR processes
GDPR brings more risk management principles into privacy practice, notably data protection by design and by default and data protection impact assessments for high-risk processing. Assess your risks now so you can make the appropriate changes in time.
Review your project management lifecycle so that every HR and payroll project defines and documents its security and privacy requirements, and tests them before going live. If the leaders of your HR and payroll departments review current policies from a data subject's perspective, they are likely to highlight potential areas of non-compliance that would otherwise be missed.
These steps should help your HR and payroll departments move towards GDPR compliance. Remember, however, that GDPR applies to other areas of your business too, so this should be a collaborative exercise with other departments. Investigate what else you need to prepare so that, come 25th May 2018, you are in a strong position to demonstrate compliance.
6 September 2017
On Thursday 30th November, the SD Worx and DLA Piper teams hosted the first webinar in our General Data Protection Regulation (GDPR) series. This webinar focused on the HR and payroll industry and how it should manage the data rights of employees.
11 December 2017
In the upcoming webinar, titled ‘GDPR: Dealing with the data rights of your employees’ and brought to you by SD Worx and global law firm DLA Piper, HR professionals can learn about data subject rights ahead of the General Data Protection Regulation (GDPR). This is the first in a series of GDPR guidance webinars to be launched in the run up to May next year.
22 November 2017
With the General Data Protection Regulation (GDPR) deadline just four months away, is your organisation prepared? To help get your HR and payroll department ready for when the regulation takes effect on 25th May, we’ve put together a checklist that includes the essential steps to compliance.
8 January 2018
We all know GDPR is coming, but is your business really prepared for it? To help get your HR and payroll department ready for when the regulation takes effect on 25th May 2018, we’ve put together a GDPR checklist.
25 October 2017
Exactly who should be responsible for data protection within an organisation? Should it be a matter for C-level staff only? Or the IT department? The sales and marketing department collecting customer information? Or is it time to appoint a dedicated Data Protection Officer?
18 October 2017
Having joined the GDPR bootcamp for Marketers in Reading on the 15th of September, I wanted to share what I have learned during this full-on (but very enlightening) day in an easy-to-digest blog:
2 October 2017
With the General Data Protection Regulation (GDPR) due to take effect in less than four months’ time, it’s essential that HR managers understand exactly what the regulation entails.
15 January 2018
With GDPR fast approaching, SD Worx commissioned an independent survey of HR and payroll professionals across nine European countries to determine GDPR readiness in the industry: the United Kingdom, France, Germany, Switzerland, Belgium, Ireland, the Netherlands, Austria and Luxembourg.
19 December 2017
With just six months to go until the General Data Protection Regulation (GDPR) takes force, payroll departments need to ensure they know what is coming, or risk paying for it later. The stakes are high: businesses that fail to comply with GDPR could face fines of up to 4% of their total worldwide annual turnover or €20 million, whichever is higher.
13 November 2017