PAREXEL provides best practice examples to international organisations
With the General Data Protection Regulation (GDPR) coming into effect in May 2018, all organisations who handle data of EU citizens will need to comply with new guidelines. By nature, HR departments hold personal and sensitive employee data, including payroll data. However, with an increasing amount of payroll and HR departments adopting automated payroll processes, the question arises: how do you become compliant in a digital world, especially if you are an international company?
HR and payroll departments will need to change the way they handle employee and customer data—both paper and digital—which will likely cause difficulties for payroll professionals. To explore these challenges and offer solutions, Gert Beeckmans, Chief Risk & Security Officer SD Worx, and Frank Rudolf, Director of Payroll PAREXEL, discussed GDPR compliance in our digital world at SD Worx’s European Conference 2018 in London. Here are the key takeaways:
PAREXEL is a multinational life sciences consulting firm, operating in 95 countries.
In terms of data, PAREXEL processes both personalised and pseudonymized client data. For example, clinical trials have personalised data which is clearly identifiable, and this data is pseudonymised and sent onto the next phase of a clinical trial. Alongside client data, PAREXEL also processes the personal data of staff, including 17,500 employees across 84 offices around the world.
When it comes to dealing with the digital data of both clients and employees on an international level, it is important for organisations to get the HR department on the way to GDPR compliance. To do this, PAREXEL split its approach into three stages—the fundamental, advanced, and long-term vision of data compliance. PAREXEL also focused on the IT-infrastructure as a core aspect and the overall organisation as another, splitting and appointing different roles and responsibilities within the two sections.
For example, for the IT-infrastructure, a fundamental approach was to setup the action plan and appoint key responsibilities, the one of the advanced tasks was to create a software register, and the long-term plan was to maintain documentation. On the other hand, for the overall organisation, one of the fundamental tasks was to ensure C-level buy in, an advanced task was to review employment contracts, and a long-term plan was to train staff for effective GDPR leadership.
While putting this plan together, PAREXEL understood the importance of C-level acknowledgement of GDPR for both short and long-term activities. Although the long-term goal is to maintain GDPR digital compliance across the countries, there were also fundamental steps that needed to be taken beforehand. These included:
Once a plan is in place, and the key responsibilities are delegated to the necessary departments or individuals, there are various tasks that the HR and payroll department can complete. By doing this, it is clear which policies are in place and who is responsible for them, ensuring that employees are aware of upcoming and ongoing changes.
Firstly, the HR and payroll department can work with the IT team to develop an intranet page that explains how employees are going to be affected by GDPR. Collaboration is key when it comes to international compliance in the digital world, so departments should work together to produce a clear explanation for employees. This can be done internally—without input from the legal team—as it is important for employees to understand the upcoming changes. The intranet page can explain the rights that employees now have over their data, including right of access, right of correction, right of erasure, and right of data portability, among others.
Alongside a clear intranet page, organisations should also complete a data register. The data register includes all the personal customer and client data the organisation is processing. Under GDPR, the amount of time a company can hold data is changing, so a completed data register will allow HR and payroll departments to understand where the data came from, why they need it, and when it should be deleted. A simple data register that is filled out correctly will ensure that the organisation is GDPR compliant, and will allow weekly, monthly, or annual reviews to be completed easily.
When developing the data register, an inventory of the categories of data the organisation holds should be listed – for example, payroll and employee benefits, employee performance data, and
recruitment information. Once the data categories have been identified, an information owner should be decided for each one (checking with your Data Protection Officer or legal team that there isn’t a data register already in place). If there is already a data register set up, HR and payroll teams should add to this list, to avoid multiple data registers in a single organisation—even if it is international.
HR and payroll departments should also set up a procedure on dealing with requests from existing or potential employees. Where can they issue a request? How will the team validate the identity of the requestor? Who in the HR department follows-up and manages the request?
When it comes to data subject rights, PAREXEL ensured that all employees were informed on how HR data is collected and used. Alongside this, every HR professional completes GDPR online training via PAREXEL learning management system. PAREXEL also set up Standard Operating Procedures (SOPs) that define the process for handling data requests of employees—so there is a clear structure in place.
Although existing privacy laws already stated that a company can only retain personal data for as long as it is required, GDPR puts stricter restrictions on holding data. For example, there are significant sanctions if organisations do not comply with data retention rules.
In an increasingly digital world, it is important that all records of data are destroyed correctly and at the correct time. Based on the data register that the organisation develops, the HR and payroll department needs to list the reasons for keeping the data. These could include:
By defining the minimum and maximum retention periods for each category of data—and validating these with the legal department—the data will be destroyed when necessary and no sanctions will occur.
When it comes to being digitally compliant in an international world, GDPR will pose many challenges for HR and payroll departments. Many organisations will need to change their policies and adapt as they go, learning from other companies.
Make sure that your organisation—and any third parties who handle or process your company or employee data—are GDPR compliant. This will remove the risk of GDPR sanctions in the short and long-term, and will give you peace of mind when it comes to GDPR compliance. To read more about GDPR, including our statement, click here or here to get presentation slide pack.. SD Worx aims to give guidance and provide news on this historic legislation from an HR and Payroll stand point which will impact businesses across the globe. For more information please visit our GDPR Page or contact us.
Expanding businesses internationally can mean increased profit, a better reputation and more capital to invest in getting the best talent from your industry. But international businesses face newer challenges, chief among which is working with international teams that are based in various cities, regions, countries and potentially even continents.
12 November 2018
It’s likely that no matter whether an organization works in the EU or not, its heard of the General Data Protection Regulation. GDPR, which was implemented on the 25th May 2018, changes the ways that data is processed, stored, and used by organizations.9 November 2018
The SD Worx team has returned from another great annual UNLEASH conference. Over 5,000 attendees gathered at the RAI Exhibition and Conference Centre in Amsterdam – the site of the first conference seven years ago.7 November 2018
Payroll is the lifeblood of an organization, so getting it right is crucial. When organizations branch out into new geographical locations, the risk of payroll mistakes heightens. It’s a scary thought for HR and payroll professionals.
30 October 2018
Business leaders are always searching for dynamic new ways to improve their business strategy, but there's one source of data which still remains largely untapped. There is a wealth of potential strategy ideas to be found in a place businesses already have unrestricted access to - their payroll system.
So, how can both large and small companies start utilising payroll data today to breathe new life into stale strategies?24 October 2018
On 31st October, SD Worx is hosting an exclusive webinar, in collaboration with Ascender (also a member of the Payroll Services Alliance), to discuss the General Data Protection Regulation (GDPR) and how it affects organisations outside of the EU19 October 2018
If no agreement between the UK and the European Union is reached at the EU summit on 18 and 19 October, the transitional period that would have applied until the end of 2020 will expire. As a result, on 29 March 2019, the UK’s membership in the EU will end, and EU law will no longer apply. If your company employs people in or from the UK, this change could be far-reaching. So, take the bull by the horns and avoid unpleasant surprises caused by a ‘no deal’ scenario by making the right preparations.16 October 2018
In the digital world, ensuring that you have a healthy work/life balance has never been so important. However, in this ‘always-on’ environment, it can prove difficult to step away from the world of work and to take that all-important break from your seemingly never-ending to do list. Some HR and payroll professionals see the introduction of HR tech as another cause of stress, with many fearing that it will threaten the future of the industry. However, the introduction of automation and other technologies could be the answer to empowering the HR professional and maintaining a healthy work/life balance.12 October 2018
With the growing importance of computers and technology in today’s world, the pressure for businesses to digitalise their workplace is rising. Although there are many benefits to be reaped, lots of people are still confused about what digitalisation is and how it will impact their employees.1 October 2018
September: the month that children dread as they make their return to school after the freedom of the long summer months. But for adults, especially those in the payroll industry, after the quiet summer period September should be a time to be motivated and to adopt that ‘back to school’ thinking. It’s important for teams not to be stagnant. In the ever-developing payroll industry, adaptability is key and so learning shouldn’t stop just because you’ve left school—in payroll and HR it’s all about continuous learning.18 September 2018
In the lead up to 25th May 2018, the General Data Protection Regulation (GDPR) was everywhere as organizations across Europe (and further afield) prepared for stricter regulations on handling customer and employee data. Three months have passed since its implementation, but what’s new with GDPR?20 August 2018
Is your HR and payroll team feeling the heat this summer? With the weather heating up, most of us want to get out and enjoy the sun or escape on a holiday. However, with more staff members out of the office, this can mean that the payroll team might be running on reduced numbers. And, typically, less team members results in a higher workload for those in the office. This is where HR and payroll technology can help, giving HR teams a well-deserved summer holiday.3 August 2018
The HR and payroll industry is in a constant state of change. New laws and regulations are introduced around the world, some of which—including GDPR—change the way the whole organization handles its processes and services.26 July 2018
Payroll data. How often do we stop and think about how important it is to a business? Although payroll is often viewed as a back-office function, it is an essential part of any organisation, and is much more than just payslips.5 July 2018
The multinational payroll market is growing at an impressive rate, with the entire payroll services market expected to reach 4.8 billion by 2021. The demand for international payroll services are increasing, due to the heightened need for compliance to local laws and legislations, and a demand for more comprehensive technology. However, even though the payroll market is growing, many organisations still aren’t unlocking the power of payroll.3 July 2018
Payroll, and the importance of payroll, is everywhere. Whether in Italy, France, or in Belgium, payroll is a crucial part of any organisation. Employees are the heartbeat of an organisation, so ensuring that they are paid on time and correctly is essential17 May 2018
With just six months to go until the General Data Protection Regulation (GDPR) takes force, payroll departments need to ensure they know what’s coming, or risk paying for it later. The stakes are high, as businesses that fail to comply with GDPR could face fines of up to 4% of their total annual revenue.14 May 2018
With the implementation of the General Data Protection Regulation (GDPR) next month, if an organisation is working with HR and payroll vendors, it will be their responsibility to ensure that these business partners are GDPR compliant. Any external organisation that handles the data of employees or customers must be compliant, otherwise the organisation is also at risk of breaking GDPR regulations.
26 April 2018
The HR and payroll industry is in constant change, with digitalisation, GDPR, and the gig economy effecting the HR and payroll department in organisations around the world. So, how can you ensure that both your HR department and employees are able to keep up with the pace of change? It’s time to unleash the flexibility of your HR.26 April 2018
With the 25th May deadline only a month away, it is more important than ever for HR and payroll departments to ensure that they are GDPR compliant. If organisations are not compliant the penalties are significant, with fines of up to €20m or 4% of global revenue, and companies will undeniably suffer from significant brand damage.
So, what should HR and payroll teams do during the next month to ensure that they are compliant and ready by the deadline?9 April 2018
With just three months to go until the General Data Protection Regulation (GDPR) comes into force, the clock is ticking for HR and payroll managers to get the systems and processes in place to ensure compliance. The regulation, coming into effect on 25 May 2018, updates data rights for today’s networked world and organisations ignore it at their peril. A major infringement could cost a company up to 4% of its global revenue while there is a penalty of 2% of global revenue if records are not in order or a supervising authority and data subjects are not notified within 72 hours when personal data is exposed in a security breach.19 March 2018
Once GDPR takes effect on 25th May 2018, organisations that fail to process data correctly, report security breaches within a set time period, or comply with data regulations, will face fines and brand damage. These legislative changes emphasise how HR and payroll professionals need to be more security-conscious than ever before.14 March 2018
If you want to learn best practice in handling data in light of the General Data Protection Regulations (GDPR), you can do no better than to look at DuPont. Now part of science giant DowDuPont following a merger last year, data is part of the DNA of the organisation and it has a long history of embedding data protection into its culture.12 March 2018
Once GDPR comes into effect, companies must provide employees and data regulation authorities with carefully-documented data information. To simplify this process, these records should be stored in the form of a data register, filled in by HR and payroll professionals, alongside other departments within the organisation. However, how should HR and payroll departments set up and maintain a data register?
In February, SD Worx hosted its European Conference 2018 at Hilton on Park Lane, London, with over 800 attendees and 30 expert speakers. One of the sessions, titled ‘How to be internationally compliant in a digital world’, was hosted by Gert Beeckmans, chief risk and security officer SD Worx, and Frank Rudolf, director of payroll at PAREXEL. Here are their top five lessons on implementing GDPR:1 March 2018
The end of the payroll year is typically a very stressful time for payroll teams. With an extensive amount of tasks to be completed within tight deadlines, any mistakes can be costly.
However, the end of year process can be drastically simplified by engaging with tailored payroll software. This technology can be utilised to assist payroll professionals throughout the year, but how can it help payroll teams in April each year?27 February 2018
With the General Data Protection Regulation (GDPR) around the corner, employees will soon have the right to know the status of the personal data that companies retain. Ex-employees and unsuccessful applicants can also request that their data is discarded (if the necessary period for keeping their data has expired). Because of this, it’s important that data is processed and stored clearly and correctly.14 February 2018
On Wednesday 25th January, SD Worx and DLA Piper hosted the second webinar in our General Data Protection Regulation (GDPR) series focused on implementing an appropriate retention of employees’ data.29 January 2018
With the GDPR deadline just four months away, are you prepared? To help get your HR and payroll department ready for when the regulation takes effect on 25th May, we’ve put together a checklist of essential steps to compliance.19 January 2018
With the General Data Protection Regulation (GDPR) due to take effect in less than four months’ time, it’s essential that HR managers understand exactly what the regulation entails.15 January 2018
With the General Data Protection Regulation (GDPR) deadline just four months away, is your organisation prepared? To help get your HR and payroll department ready for when the regulation takes effect on 25th May, we’ve put together a checklist that includes the essential steps to compliance.8 January 2018
With GDPR on the horizon, are your HR and Payroll departments prepared? With large fines and serious damage to your business’ reputation at stake for non-compliance, here’s how you can become GDPR compliant in five practical steps:20 December 2017
With GDPR fast approaching, SD Worx commissioned an independent survey of HR and payroll professionals across nine European countries to determine GDPR readiness in the industry. These countries included The United Kingdom, France, Germany, Switzerland, Belgium, Ireland, the Netherlands, Austria and Luxemburg.19 December 2017
On Thursday 30th November, the SD Worx and DLA Piper teams hosted the first webinar in our General Data Protection Regulation (GDPR) series. This webinar focused on the HR and payroll industry and how it should manage the data rights of employees.11 December 2017
Technological advancements are helping to turn a vision of digitally accessible, automated payroll processes into reality. Here’s five predictions for the future of payroll:5 December 2017
In the upcoming webinar, titled ‘GDPR: Dealing with the data rights of your employees’ and brought to you by SD Worx and global law firm DLA Piper, HR professionals can learn about data subject rights ahead of the General Data Protection Regulation (GDPR). This is the first in a series of GDPR guidance webinars to be launched in the run up to May next year.22 November 2017
A recent survey carried out by SD Worx revealed that out of 4,000 European employees surveyed, 44% had been paid late by their employers and 48% of those that had been paid late had also been paid incorrectly. The research exposes several risks for businesses associated with not paying their employees correctly: let’s explore the top three.13 November 2017
With just six months to go until the General Data Protection Regulation (GDPR) takes force, payroll departments need to ensure they know what’s coming, or risk paying for it later. The stakes are high, as businesses that fail to comply with GDPR could face fines of up to 4% of their total annual revenue.13 November 2017
With any outsourced service that a business requires, it’s important to understand the needs that service should fulfil before selecting a provider. This is especially true when it comes to choosing payroll services: it’s one of the most important requirements to get right, and choosing the wrong provider could lead to damaged business reputation in the form of disgruntled and less productive employees, a low staff retention rate and more.8 November 2017
We all know GDPR is coming, but is your business really prepared for it? To help get your HR and payroll department ready for when the regulation takes effect on 25th May 2018, we’ve put together a GDPR checklist.25 October 2017
Businesses in every industry have been affected by the way that we now rely heavily on technology. Technology is now a part of everything we do – both at home and work—and in order to stay relevant in today’s world, all industries must continue to be innovative and remain up to date with technological advancements, especially in the workplace.19 October 2017
Exactly who should be responsible for data protection within an organisation? Should it be a matter for C-level staff only? Or the IT department? The sales and marketing department collecting customer information? Or is it time to appoint a dedicated Data Protection Officer?18 October 2017
Big data and analytics have now entered numerous industries, including healthcare, financial services and retail. Despite many HR and payroll providers now using big data as part of their services, the industry has predominately been slow on the data uptake, in comparison to adoption within others. HR and payroll is largely an industry that relies on human intuition, rather than data and statistics, however, providers have started to see for themselves benefits of big data and analytics, and thus are beginning to implement these into their services.10 October 2017
We have previously discussed what the General Data Protection Regulation (GDPR) is, when it will come into play and the consequences of breaching it. In this blog, we want to focus on the key provisions of GDPR and how it will affect businesses.
Having joined the GDPR bootcamp for Marketers in Reading on the 15th of September, I wanted to share what I have learned during this full on (but very enlightening) day in an easy to digest blog:.2 October 2017
The Chief Legal Officer of SD Worx, Jacqueline Raison, has written some useful information on GDPR and what it might mean for your organisation. This is the second of a series of articles on the steps we are taking at SD Worx to ensure GDPR compliance.
Chief Legal Officer of SD Worx, Jacqueline Raison, has written some useful information on GDPR and what it might mean for your organisation. This is the second of a series of articles on the steps we are taking at SD Worx to ensure GDPR compliance.Jacqueline Raison - 6 September 2017
With Britain voting to leave the EU last June, 2016 was a big year for pan-European news. And, while the full implications of Brexit remain to be seen, it is clearly creating much discussion amongst business leaders who are already starting to plan ahead for the legislative changes that will no doubt impact both their operations and compliance.
One of the business areas most likely to be affected is international HR and payroll, so with that in mind, ‘Brexit and Business’ will be one of the key themes at our upcoming 2017 SD Worx European Conference. This year’s event will be bigger and better than ever before, taking place on the 8th February at London’s Hilton on Park Lane.