Conducting a GDPR readiness assessment and action plan
We assess the risks associated with users, processes and systems for both your organisation and your provider partners. Working with your data protection officer, we will analyse your current processes and report on all of the areas of potential risk, detailing where and how a breach could occur. Working with your payroll operations team, we will build a plan to mitigate those areas of risk and support your organisation in executing those changes.
Establishing a data breach reporting process
To comply with the regulations, the payroll operations team have to establish an information breach escalation plan compatible with the corporate reporting process. The payroll operations team depend on their provider partners, which requires defining a process between the third party and the controller. We will support your organisation in documenting, communicating and training all of the actors involved in the end-to-end data delivery.
Review provider contracts
Many of the provider agreements will have been established before GDPR. A process of continual assessment and contract amendment will be needed. We can provide advice on the contractual terms that should be present to meet GDPR requirements.
Addressing data subject rights
The new regulations give the data subject (employee) the right to request access to, and information about, the personal data held by the employer. For an outsourced payroll environment this is more complex, and the business has to prepare information for employees explaining the measures taken to address GDPR and the process for sharing data. We will work with your organisation and partners to determine where the data is held and how this can be communicated to your employees.
Monitoring and detection
All businesses operating with subjects in the EU should establish a corporate process for monitoring and detecting data breaches. The goal is to integrate your payroll organisation with the corporate monitoring and detection process. This will include regular assessments of all third-party organisations. Sharing our knowledge of these processes, we can help your organisation establish the continuous monitoring and detection process.