The General Data Protection Regulation (GDPR) will come into effect in May 2018. Its mandate is to provide all individuals within the European Union (EU) with greater personal data protection. The legislation covers measures for all and any information that could identify an individual directly or indirectly.
Now, you might think that GDPR doesn’t apply to you or your business as you’re based on the African continent and not in Europe – but you could be wrong. The new legislation doesn’t just affect companies based in the EU. Any company that employs people from the EU, or does business in the EU, has to comply with the new legislation. Failure to do so could result in your business facing severe penalties for non-compliance.
What does this mean for HR and payroll teams?
Payroll processes involve a lot of personal information. As such, there is no doubt that GDPR will have an enormous impact on the payroll landscape. The legislation adds new responsibilities that HR and payroll leaders will have to manage to ensure compliance.
These new responsibilities include providing employees and job applicants with privacy notices specifying what their personal data is being used for and whether it will be transferred outside of the EU. In the case of the latter, payroll managers will have to ensure that personal data is only transferred in line with regulations. Should a data breach occur, they must notify the data protection authorities within 72 hours.
When a company outsources its HR and payroll processes, the responsibility of complying with GDPR legislation becomes the shared responsibility of the business and its outsourced payroll provider.
The company’s data controller is responsible for, and must comply with, the core principles of GDPR, while the payroll provider must be able to implement technical and organisational measures to protect data and assist with compliance. For example, the provider needs to ensure that all stored data, software and data backups are encrypted and secure.
How to prepare for GDPR
To get your company ready for GDPR, you need to review your entire payroll process. You need to systematically assess each and every function and bring it in line with the legislation. How your teams collect, store, archive and destroy data is absolutely critical. You need to know who is handling the information – and determine whether these employees actually need access to it in order to do their jobs. Could you reduce the number of employees that have access to sensitive information? You should also follow industry best practice and determine what data is crucial to your business. Then focus your efforts on collecting and storing only that information.
GDPR can seem overwhelming. Make sure your payroll software is secure and that the provider you work with is GDPR compliant, and you’re halfway compliant already. However, if you’re still unsure if or how the new legislation could affect your business, do your research and speak to an expert payroll provider for advice. Don’t ignore GDPR just because the EU is miles away – be proactive in looking at how your business may need to comply. It’s always better to be safe than sorry.
By Warren van Wyk, Director, PaySpace