Changing gear with GDPR for Global Payroll Operations

GDPR and Global Payroll

By  Anika Panwar, 05 July 2018

Is your organization a multinational based in Europe, or are you part of a multinational that employs people residing in the European Union? If the answer to either question is "Yes", it is important that you look closely at your current payroll operations and change gears to comply with the General Data Protection Regulation (GDPR), the EU's new data protection law.

What is notable about GDPR is that, while it is a regulation that applies directly across the entire European Union (EU), it leaves room for each member state to enact supplementary national rules in certain areas. Employment is one of them: Article 88 lets member states lay down more specific rules for processing employee data, so a payroll operation must track not only GDPR itself but also the national employment and data protection rules of every country in which it pays staff.

By now most people are aware that GDPR replaces the earlier EU data protection legislation and protects everyone whose personal data is processed within the EU. The EU has long had some of the strongest data protection laws in the world, and GDPR raises the bar further. A lot has already been said about what GDPR is and how it affects an organization in general; what is less discussed is how it affects payroll operations for EU employees specifically, and how that in turn reshapes an organization's global payroll operation.

Listed below are a few points that an organization which has consolidated, or is in the process of consolidating, its global payroll operations (either on its own or through a global payroll partner) should rethink and reconsider:

  1. Residence and transfer of data: This is perhaps the aspect with the greatest impact on global payroll operations. Unifying scattered employee data in a single payroll system is the first step towards a truly global payroll operation, but under GDPR (Chapter V) personal data may leave the EU only to a country the European Commission has found to provide an adequate level of protection, or under other approved safeguards such as Standard Contractual Clauses between the exporting and importing entities. Before consolidating, map where every copy of payroll data will be hosted, who will access it from where (remote access from outside the EU is also a transfer), and which safeguard covers each flow. Look at cloud systems that support these requirements (SAP SuccessFactors, for example; read how SAP SuccessFactors can help you comply with GDPR).
  2. A strong privacy and security regime: Start by updating your privacy policies (read Neeyamo's Privacy policy), appointing a Data Protection Officer (DPO) where required, recording the lawful basis for each processing activity, and putting in place a mechanism for responding to employees' subject access requests (SARs) within the one-month deadline. Note that in an employment context, GDPR treats consent with suspicion because of the imbalance of power between employer and employee; most payroll processing rests on the employment contract or a legal obligation, and consent should be relied on, and its proof recorded, only where it is genuinely the basis. Assess how you record and store timesheets and how you distribute payslips, since both contain personal data. Build and document a data privacy and security regime that not only strengthens the current process but also sets up a reporting and escalation path for personal data breaches: the controller must notify the supervisory authority within 72 hours of becoming aware of a breach, and a processor must notify the controller without undue delay, so the escalation path has to be rehearsed in advance.
  3. Assessing the payroll partner's readiness: A payroll partner is a data processor under GDPR and now carries direct obligations and liability in the event of a breach, in addition to those of the controller. Article 28 requires a written contract setting out the processor's duties (processing only on documented instructions, confidentiality, security measures, sub-processor approval, assistance with SARs and breach notification, and deletion or return of data at the end of the contract). Run a thorough health check on the partner's readiness and request audit reports and evidence of security controls. Carry out a rigorous risk assessment covering users, processes and systems. Further, insist on processes that minimise the data collected and transfer as little of it as possible.

Because payroll handles sensitive personal data (salaries, bank details, tax and national identifiers, sometimes health or union information), it requires the strongest measures and whatever policy and process changes are needed to meet them. Remember: non-compliance with GDPR can cost you millions. The maximum fine for the most serious infringements is up to 4% of annual global turnover or €20 million, whichever is greater.

If you are a CFO or a payroll manager who wishes to learn or understand how ready your current payroll process is or is looking for help, write to irene.jones@neeyamo.com


This blog is for informational purposes only and not intended to convey or constitute legal or any other advice. It is not a substitute for advice from a qualified professional.
