GDPR is going into effect in less than 1 month. Businesses all over the world have been trying to figure out what changes need to be made to systems and processes to ensure compliance, and legal departments everywhere are creating language for opt-out messaging and data subject rights. So when the clock strikes midnight on May 24th, will you be ready?
GDPR is the largest change to data privacy laws in more than 20 years. What is different this time around is that it doesn’t matter whether your business is located or headquartered in the EU: you still have to follow the rules if you do business with anyone living in or visiting the EU. The location of your company does not matter anymore – it only matters where the business activity is taking place. If you are a global business, it is more than likely you will feel the effects of the GDPR changes.
Along with the changes regarding company location, there are also many new changes relating to processing and saving personal data, notification after a data breach, and the rights of data subjects (the individuals whose personal data is being processed). With fines beginning at £20 million (or 4% of global turnover – whichever is greater), there is no room for error. The GDPR is taking data privacy to a new level, and other countries are soon to follow. Many countries, including Canada and Australia, have already enacted privacy laws, and more will come in the next few years.
Getting prepared for the May 25th deadline is no small task, but you can start by understanding the personal data that is processed or transferred by your company. Payroll processing uses many personal data points for each employee.
Some key questions you need to address in your organization include:
- Who within your company will be responsible for ensuring the data protection? Most companies are hiring or creating this role, with a new title of Data Protection Officer.
- Does your senior leadership (CFO/CIO) understand the risks and penalties associated with GDPR? GDPR affects all aspects of business – beyond payroll and HR.
- Are you using GDPR-compliant processes or systems to manage your global payroll? Could you potentially be transferring personal data in a way that is non-compliant with the new GDPR laws? Email is no longer an approved method of transferring data – if you are using spreadsheets and email to manage your payroll in the EU, that needs to change immediately.
- Do you know that beyond overall GDPR compliance, countries outside the EU can enact stricter policies if they choose? Compliance around the world is changing – GDPR is only the beginning.
- Are you aware that any employee can report a company to the local GDPR officials? Make sure your company is prepared and ready – your employees should be aware of the new policies as well so they don’t inadvertently break any regulations.
If you are not ready for the May 25th deadline, we can help – our global consulting team includes legal services that can audit your current processes and let you know where you might have some exposure to GDPR penalties. Our global payroll team can get you up and running quickly with GDPR-compliant payroll processing, and we have a team of experts in the EU to ensure your payroll is compliant and secure. Avoid penalties by proactively making sure you are ready for GDPR and you can rest easy when the clock strikes midnight on May 24th!
For more information, you can read more at the EU GDPR Information Portal: https://www.eugdpr.org/