The General Data Protection Regulation (GDPR) is the top topic of conversation in offices all across the country at the moment, and every business needs to be aware of how the changes might affect it.
There will be changes across each company, but there are some core considerations for payroll departments before 25th May 2018, when the regulations come into place.
The first thing businesses should be aware of is that the regulations will affect every company. The regulations will affect payroll, and the people who are responsible for payroll should consider how the changes will affect them – there will be action and accountability in this area.
Each business should appoint a member of staff as a designated Data Protection Officer – the payroll department should have regular contact with the Data Protection Officer to ensure that the regulations are adhered to.
Handling payroll data, as well as sending and retaining it, will require attention. Businesses have to ensure that payroll data is not held unnecessarily and that there are documented procedures in place to protect payroll data and employee payslips.
Regular Data Protection Impact Assessments can be carried out to help payroll teams identify the most effective way to remain compliant with their obligations and to ensure privacy standards are maintained.
A lot of data protection issues arise when staff are unaware of processes and procedures, so communication is essential. Keeping staff aware of any issues and developments can help reduce this risk.
Be aware that any payroll data breaches could cost your business dearly – up to 4% of annual global turnover. Our recommendation would be to review GDPR within your organisation as soon as possible, and certainly to contact your payroll provider if you outsource that function. Ultimately, if your provider cannot give you reassurance that this is high on their agenda, you should consider changing providers to protect both your business and your valuable employee data.
You can check out more information on GDPR here.