Changing gear with GDPR for Global Payroll Operations
Do you have multinationals based out of Europe, or are you part of a multinational organization with employees residing in the European region? If the answer to either question is "Yes," it is essential that you delve deeper and change gears in your current payroll operations to comply with the new General Data Protection Regulation (GDPR) norms laid down by the European Commission.
What is intriguing about GDPR is that while it lays down norms that affect the entire European Union (EU), each member state retains the liberty and the right to enact rules that further strengthen and unify the data protection laws laid down by GDPR.
By now, most people are aware that GDPR is an update to existing legislation that covers all residents of the EU region. The European Union has, by far, had the strongest data protection laws, and GDPR is just the tip of the iceberg. A lot has already been said about what GDPR is and how it impacts an organization, but what is interesting is its impact on payroll operations, specifically in the EU, which in turn affects an organization's global payroll operation.
Listed below are a few points of consideration that an organization that has either consolidated, or is in the process of reducing, its global payroll operations (either by itself or through a worldwide payroll partner) should rethink and reconsider:
- Residence and transfer of the data: This is perhaps the most crucial aspect that can impact your global payroll operations. Unifying and consolidating your scattered employee data in a single payroll system is the first step toward achieving your goal of a truly global payroll operation. With GDPR in place, it is now important that your data is hosted in the EU region or in a region that qualifies as providing an adequate level of protection. Look at cloud systems that comply with.
- A strong privacy and security regime: This ranges from updating your privacy policies (read Neeyamo's Privacy policy) and appointing a Data Protection Officer (DPO), to obtaining and recording proof of consent, to the mechanism for responding to employees' Subject Access Requests (SARs). It should also cover everything from assessing your records and storing timesheets to handing out payslips to employees. Build and document a strong data privacy and security regime that not only strengthens the current process but also establishes a clear reporting and escalation mechanism that notifies the relevant data protection authority (within 72 hours, as GDPR requires).
- Assessing the payroll partner's readiness: Payroll partners, termed data processors under GDPR, will now be answerable to a great extent in case of any breach or mishap. Run a thorough health check on their readiness and request audits and reports. Also carry out a rigorous risk assessment that covers users, processes, and systems. Further, insist on processes that require as little data transfer as possible.
Because payroll handles sensitive personal data, it requires maximum safeguards and the enforcement of policy and process changes as required. Remember: noncompliance with GDPR can cost you millions. (The maximum fine for a compliance failure is up to 4% of annual global turnover or €20 million, whichever is greater.)
If you are a CFO or a payroll manager who wishes to understand how ready your current payroll process is, or who is looking for help, write to irene.jones@neeyamo.com