How to make sure your business’ HR and payroll processes are GDPR compliant The General Data Protection Regulation (GDPR), that came into force in May this year, is transforming how personal data is managed. This new legislation is designed to specifically protect the individual information of citizens within the European Union (EU). This includes all Personally Identifiable Information (PII) – whether it can be used indirectly or directly...
G
DPR is based in the EU. However, its mandate is not defined by geography. If an organisation processes any EU citizen’s data, then it must comply with the legislative requirements - regardless of where its offices are. Failure to do so could result in penalties of more than 20 million Euros. It doesn’t matter if your business is based in America or Africa. If you employ people from the EU and/ or do business in the EU, then you must comply with GDPR. It’s also worth thinking ahead. Your business may not fall into either of the above-mentioned categories right now, but an opportunity to do business in Europe could be on the cards. Or, the new sales director you decide to hire in a few months could be an EU expat.
38 / Issue 15
@PaySpace
Warren van Wyk, Director, PaySpace Warren van Wyk is one of the founding members and leaders of PaySpace. Warren has over 18 years of experience in the software development industry. After graduating from Van Zyl and Pritchard, he started his career at an international payroll vendor. He later moved to a large software outsource services vendor where he was placed on a project to rewrite a large client’s entire software technology stack using Microsoft technologies. His vast end-to-end software project experience coupled with his technical payroll knowledge greatly assisted the PaySpace team in the architectural solution design, having a leading and managing hand in every intricate area. His role as a leader in PaySpace means that he performs a variety of tasks which significantly affect the growth and strategy of the company.
If your processes are already GDPR compliant your business growth won’t be hampered by legislative delays. The impact on global HR and payroll teams HR and payroll functions process a lot of personal information; departmental leaders can expect increased complexity. They will have to manage a range of new responsibilities with greater oversight to ensure compliance with GDPR. Some examples include sharing privacy notices with all existing employees and job applicants. These will specify what their personal data is being used for and if it needs to be used outside the EU. Any transference of data outside of the EU has to meet the
regulatory requirements. Maintaining compliance is a weighty responsibility. However, if HR and payroll processes are outsourced, then the company shares the responsibility with its payroll provider. The latter assists with compliance by implementing technical and organisational measures to protect data. Their focus is on encrypting and securing stored data, software and data backups. Overall compliance with the core principles of GDPR is the responsibility of the company’s data controller. Top preparation tips To comply with GDPR, you need to build an inventory of PII. How is information collected, stored, managed and used within your business? Who in your organisation
XU Magazine - the independent magazine for Xero users, by Xero users. Find us online at: xumagazine.com
