Understanding GDPR

GDPR is a law that reinforces what you should already be doing: protecting your employees' personal information. GDPR has introduced a new set of terminology to define the multi-layered relationship between the data controller and the data processor.

GDPR action plan

Assess the risks associated with users, processes and systems for both your organisation and your provider partners. Working with your CISO, analyse your current processes and report all the areas of potential risk, detailing where and how a breach could occur. Starting with your payroll operations team, build a plan to mitigate those risks and support your organisation in executing those changes.

Monitoring and detection

All businesses operating with data subjects in the EU should establish a corporate process for monitoring and detecting data breaches. The goal is to integrate your payroll organisation with the corporate monitoring and detection process. This will include regular assessments of all third-party organisations. Sharing our knowledge of these processes, we can help your organisation establish a continuous monitoring and detection process.

Review provider contracts

New and existing contracts must meet GDPR requirements, and a process of continual assessment and contract amendment may be needed. In-house counsel and law firms can provide advice on the contractual terms that should be present to meet GDPR requirements.

Data breach reporting

To comply with the regulations, the payroll operations team has to establish an information breach escalation plan compatible with the corporate reporting process. The payroll operations team depends on its provider partners, so a reporting process must be defined between the third-party processor and the information controller. Your organisation should document, communicate and train all the actors involved in the end-to-end delivery.

Data subject rights

The regulations give the data subject (the employee) the right to request access to, and information about, the personal data held by the employer. In an outsourced payroll environment this is more complex, and the business has to prepare information for employees explaining the measures taken to address GDPR and the process for sharing data. Work with your organisation and partners to determine where the data is held and how this can be communicated to your employees.

Delivering results

Don’t gamble with your or your company’s reputation.