With just six months to go until the General Data Protection Regulation (GDPR) comes into force, payroll departments need to ensure they know what’s coming, or risk paying for it later. The stakes are high, as businesses that fail to comply with GDPR could face fines of up to 4% of their total annual revenue.
In this blog post, we’ll explore what exactly the regulation entails and why it is important to payroll departments.
GDPR is new legislation that affects how businesses deal with data protection. Replacing the 1998 Data Protection Act, the regulation will take effect from 25th May next year. Following this date, individuals will have a higher level of control over how their data is handled, and businesses will face stricter penalties for data misuse. For example, if businesses do not report a breach to the relevant authorities, and any potentially affected customers, within 72 hours of the incident, they will face a penalty.
GDPR is not exclusive to organisations in the European Union (EU): it will also affect any business that holds the personal data of EU individuals, wherever they are based in the world.
What does it mean for payroll departments?
Payroll departments hold a lot of data, including sensitive financial information. Therefore, they are certainly not exempt from preparing for GDPR compliance. With GDPR, employees have extensive rights over the personal data that payroll departments hold, for example, the right of access and the right of erasure (right to be forgotten).
The GDPR legislation states that organisations need to keep a record of all data processing activities, including what personal data they process, who is responsible for it and how it is processed, or risk non-compliance.
In addition, with GDPR in play, payroll teams will need to become explicit on data retention. According to existing privacy laws, businesses can only retain personal data for a period that is necessary for processing purposes: GDPR builds on this. For example, non-compliance will meet stricter consequences, and the right to erasure is introduced.
Businesses (including payroll departments) are responsible for ensuring their own data is in check – and protected. Third-party relationships also need to be considered: GDPR makes you liable as a data controller if you cannot sufficiently state that all third parties are compliant.
A Note on Security
Although GDPR does not enforce specific measures in terms of security, it does introduce more risk management principles in terms of privacy. Therefore, payroll teams will need to assess their risks and adopt the relevant approach in response.
It’s crucial to note that organisations need to build privacy and security not just into their payroll departments, but across their entire workforces, and set an example from the top level in terms of ensuring total data compliance and ongoing data protection, in line with GDPR.
By doing so, organisations can ensure all departments are GDPR ready, preventing a harsh blow to revenue in the form of large fines, or damage to their business reputation.
SD Worx aims to give guidance and provide news on this historic legislation, which will impact businesses across the globe, from an HR and Payroll standpoint. For more information, please visit our GDPR Page or email WeAreGlobal@sdworx.com.
6 September 2017