Twelve months ago, HR and payroll teams around the world were preparing for the changes that the new General Data Protection Regulation (GDPR) was set to bring to the industry. So, how are they coping with compliance today? With some departments more prepared than others in the lead-up to the 25th May 2018, organisations will now have had time to implement their processes and ensure that they are handling data compliantly.
With a year to settle in and become familiar with guidelines to avoid non-compliance, this anniversary provides the opportunity to look back and assess whether your organisation is GDPR compliant or whether the processes in place are leaving it open to huge fines and significant brand damage.
With potential fines reaching €20m, or 4% of annual global turnover (whichever is higher), and the ensuing damage to business and reputation within your industry, GDPR non-compliance is too great a risk to take. If there is anything to be learnt from the last 12 months, it is that the relevant watchdogs and the ICO are monitoring businesses and their operations with a keen eye.
Following the global Cambridge Analytica scandal, Facebook was fined £500,000 (€565,000) by the ICO – the maximum fine allowed prior to the introduction of GDPR. However, due to the privacy issues surrounding Facebook and its operations, not only has it suffered significant brand damage, but the tech giant has also revealed that it is expecting to pay up to $5bn to the FTC as a result of this misconduct.
Although these fines cannot be traced back to HR operations, the HR and payroll departments are not exempt from this risk – even those based outside of the EU.
Continuous learning is vital in the non-stop world of compliance and, with twelve months having elapsed since the introduction of new compliance processes, now is the perfect time to reassess and make any necessary updates or adjustments. With laws always being updated and new legislation being introduced, HR and payroll departments have to remain up to date, ensuring that they’re aware of how operations may have to adapt as a result. It’s vital that compliance is not forgotten about, as this only increases the chances of data being kept illegally and processes becoming out of date.
Although a significant part of the HR and payroll department’s tasks, compliance is not only down to these teams – it is a company-wide responsibility. It’s not just the processes that can be updated one year on: take this opportunity to update employees on their responsibilities, too. Running regular refresher courses that clearly outline how to responsibly handle employee and customer data without breaching privacy laws will ensure that everyone is up to date and compliant.
Implementing the correct methods to ensure your organisation was compliant by the initial deadline was only part one – continuing compliance moving forward is equally important in today’s privacy-focused world.