The General Data Protection Regulation (GDPR) and Payroll Compliance

by Anne Reily, Founder and CEO of PaycheckPlus


The General Data Protection Regulation (GDPR) will come into effect on 25 May 2018, replacing the current data protection framework under the EU Data Protection Directive. New rules will come into force that will have significant implications for businesses and payroll personnel. Some key changes, which have been well documented, include a territorial extension of jurisdiction, changes to penalties and new conditions for consent.

But what impact will this overhaul have specifically on payroll personnel? And how can businesses prepare for the radical changes? Find out below.

10 key new requirements for payroll personnel:

  1. Be aware of the significant increases in obligations and accountability
  2. Ensure that your business has or designates a Data Protection Officer – this person must have appropriate expertise, so training or outsourcing may be required
  3. Develop/help maintain the required documentation but from a payroll data perspective
  4. Assist in minimising the data that you collect/store
  5. Implement and/or record “Data Protection Impact Assessments” (DPIAs)
  6. Develop/assist in the development of defined instructions and limitations for the various layers of data/payroll processors
  7. Be aware that there will be increased liability for breaches when working outside of agreed remits
  8. Know the implication of breaches – for example, the changes in penalties will mean that businesses in breach of GDPR can be fined up to 4% of annual global turnover or €20,000,000 (whichever is greater)
  9. Know what you need to do in the event of a breach. In most cases, if there is a data breach you may need to notify the appropriate parties (e.g. staff, the Data Protection Commissioner) “without undue delay” and, if possible, within 72 hours of becoming aware of the breach
  10. Develop, assist in the development of, or at a minimum make yourself aware of new business policies and procedures – these should be put in place to ensure compliance and to ensure that staff act appropriately in accordance with the updated legislation

How to prepare?

The Data Protection Commissioner is responsible for upholding the rights of individuals as set out in the Acts and for enforcing the obligations placed upon data controllers. The Commissioner has published a useful guide to help you and your organisation prepare for the GDPR; it sets out the 12 steps which organisations should be taking to be GDPR ready by 25 May 2018.

Responsibility

Payroll and HR managers and employees have a responsibility to ensure that their business is compliant with ever-changing payroll legislation and that their employee and business data is kept secure and confidential. Along with their other internal obligations, payroll managers must prepare for the significant industry changes that are approaching. This may prove challenging, especially where recent industry developments have left uncertainty about current compliance.