3 months on: What’s new with GDPR?
In the lead-up to 25th May 2018, the General Data Protection Regulation (GDPR) was everywhere as organizations across Europe (and further afield) prepared for stricter rules on handling customer and employee data. Three months have passed since it came into force, but what’s new with GDPR?
From a consumer point of view, a recent study shows that more consumers than expected are exercising their new data rights, and are doing so much sooner than expected. Within the first few hours of the GDPR taking effect, complaints were lodged against the tech giants Facebook, Google, Instagram and WhatsApp. Although there hasn’t been a high-profile GDPR fine relating to payroll, the ICO is treating any data breach seriously and will not hesitate to fine non-compliant organizations.
In the world of HR and payroll, a lot has changed, as new rules on processing and storing data have emerged. For example, there is greater pressure on organizations to create and maintain their data registers more rigorously. Under the new regulation, the handling of payroll and all other sensitive data must be compliant, or organizations risk considerable fines.
Fines have in the past been issued to organizations across a multitude of industries, so protecting payroll data is vital, especially given the real threat of cyber-attacks from hackers targeting organizations in every sector. The payroll department holds extremely sensitive data, so processing and storing that data correctly is crucial. Yet there is still more that employers and employees can do to ensure that their organization is GDPR compliant.
The quieter summer months provide a good opportunity to assess where the organization stands on its GDPR compliance. HR and payroll teams should go back and review the processes the organization has in place for handling sensitive data. Now that organizations are more familiar with the regulation, they should check that the processes they have in place are the most streamlined and efficient ones possible. In addition, teams should assess how the initial processes are working in practice and make any adjustments that are necessary.
Beyond the processes in the HR and payroll department, organizations should also check that the employees themselves are GDPR compliant. Employers can run a GDPR compliance refresher course to check that employees are familiar and up to date with the requirements, and to ensure that the measures adopted for compliance haven’t been forgotten. GDPR compliance isn’t a one-time job; it’s an ongoing commitment. Frequently assessing your processes for compliance is vital, and constant maintenance of the data register, so that unnecessary data is removed, is all part of GDPR compliance.
There will always be more that organizations can do to ensure compliance, and with efficient processes and regular monitoring in place, organizations can keep the risk of a breach to a minimum.