SD Worx GDPR Statement

In May 2018, a new European privacy law will come into effect that requires significant changes by organisations all over the world. The HR industry is set to become one of the most affected, with actions needed to be taken in HR departments internationally. 

The General Data Protection Regulation (GDPR) imposes new rules on the collection and processing of data linked to EU residents.

Privacy and data protection within SD Worx

  • Privacy and data protection within the SD Worx Group has been formally assigned to the Risk & Security team since January 2015
  • Privacy is considered from a broader risk management perspective and not only from a legal compliance point of view

GDPR within SD Worx

  • GDPR drafts were closely monitored during the first half of 2016, with an impact assessment carried out immediately once the final text had been ratified
  • An impact assessment and initial action plan was presented to the Executive Committee in June 2016
  • A two-year action plan to ensure compliance with the GDPR was approved with executive support as part of the 2017 commitment

Actions that we are implementing

  • Formal appointment of data privacy managers in every country
  • Full review of all security and privacy policies and integration of GDPR requirements into said policies
  • Review and improvement of technical and organisational measures
  • Establishment of a personal data register
  • GDPR-compliant data processing agreement to ensure that all our suppliers continue to apply the same high standards on data protection
  • Review of all supplier contracts and arrangements
  • Employee awareness and training programme
  • Review of incident response procedures to include new requirements for data breach reporting
  • Establishment of a formal framework and process for privacy impact assessments
  • The General Data Protection Regulation (GDPR) imposes new rules on the collection and processing of data linked to EU residents.
  • Protecting your data and helping you with the compliance challenges set out by the new data protection regulation are our top priorities.