GDPR Impact on HR & Payroll: How employers can achieve compliance
 

It’s not just about customer data. It’s about employee data.

 

Following the 25th May 2018, fines aren’t a distant threat. They’re the reality of non-compliance.

 

Many companies are focusing their GDPR efforts around their external data. They’re reviewing and systems to ensure compliance with customers’ new rights.

However, the new regulation also extends to the data you hold on your employees.

So, following 25th May, you need to show regulators that you’ve factored HR and payroll into your compliance strategy. They should have a permanent seat at your GDPR table, right alongside finance, IT and operations.


 
 
“We wanted to give individuals more responsibility for keeping track of their own data and were looking for a solution with manager and employee self-service which would allow individuals to access information such as employment details”

Bray Leino, one of the largest creative communications agencies outside London.

Get up to speed on GDPR.

Find out what employers need to know with Cecile Georges (Chief Privacy Officer, ADP) and Emeline Bissoni (EMEA Regional Privacy Manager, ADP).

 

Have you got employee data covered?

 

If an employee wants to exercise their new rights and see all the data you have on them, how will you respond? How long will it take you to pull together all that information? Do you really know where it lives?  

You’ll definitely have HR records and payroll information, but what about all the other personal data? Their interview submissions, their expenses claims, their sickness absences etc?  

This is likely to be stored across different systems, on people’s desktops and personal folders, and also in physical filing cabinets.  

Under the GDPR, employees have strengthened rights, so HR needs to:

  • Understand what data they have on employees
  • Optimise their HR systems to better manage that data
  • Prove to employees that their data requests have been actioned
 
 
33% of HR leaders are concerned about data privacy and GDPR.

Source: IDC Executive Brief, Cloud, Compliance and the Case for HR Transformation to Support Your HCM Strategy, 2017
 

Think about all the data you collect…

From when a candidate first comes to interview through to when they leave the company, there will be masses of data you collect about them. And now, that’s all data that they could request to see – at any time. Here are a few scenarios you should be ready for.

 
 

Recruitment
Lots of personal data is received during recruitment. CVs, portfolios, application forms, personal submissions. What is your policy for storing and managing that? When a potential employee comes for interview, you will probably take further personal information such as photos. How do you prove that consent was given for that? If they are not hired, what do you do with their data? How long do you keep it for? When a candidate is hired and becomes an employee, do you have a clear process for moving data from the recruitment database to the employee database? Or does information reside in both?

 
 

Payroll
GDPR gives employees the right to have their personal data removed. Yet organisations have other regulations to comply with that require the retention of certain information, such as financial data. So, if an employee asks to have their payroll data removed, do you know how to respond? Are you able to anonymise or encrypt the data to meet both requirements?

 
 

Expenses, travel, medical info
Remember that the GDPR affects all internal systems and applications that process employees’ personal data. So, your systems need to be fully compliant. Are you sure you’ve accounted for all aspects of employee data – from expense claims and travel records to medical and dental information?

 
 

Updated privacy notices
Now, you need to be transparent about how you process people’s personal data. You need to provide staff and applicants with privacy notices that specify the purpose and legal basis of that processing, and whether you will be transferring their data out of the EU.

 

Now the new regulations are in effect, there are many more HR scenarios that you need to have covered, which are outlined in this Employee Data Audit template. We’ve based this on a typical employee lifecycle, and included useful guidance for assessing your current compliance risk and identifying practical next steps.

 

How can ADP help you?

 

We’ve just entered the biggest shake-up of European Data Protection Laws in 30 years. ADP can help you demonstrate that you’re actively addressing the key elements of the GDPR, reducing the risk of substantial fines.

Choose from our range of fully compliant HR and payroll solutions – fromment and timesheet systems to full multi-lingual, multi-currency payroll platforms. Each solution is designed to act as a complementary add-on to your existing setup, or as a solution in its own right.

 
 

Protecting your privacy and security is at the heart of our mission. If you need help choosing the best approach, our expert support team can assess what you have now and recommend an option that best aligns to your goals. Plus, they will always be on hand to answer your questions.  

We know that when it comes to GDPR compliance, there’s a lot you have to have covered. So why not let us take care of your HR and payroll systems?
 

 
 

We know that as companies respond to the latest regulations, the regulations themselves also have the potential to evolve. That’s why we continually update our solutions to ensure the privacy and security of your data.

 

Our three guarantees

Security

Choose from secure cloud-based or on-premise systems that provide:

  • Intelligent detection
  • Automated data protection
  • Fraud defence
  • Identity management
  • Access management

ADP services are hosted securely and centrally in France, with a backup data centre in. Our IT and customer support services are delivered from, Canada and India via secure, remote access.

Compliance

ADP operates across the EU, so we need to comply with GDPR too – both as an employer and a service provider. To evidence our commitment to data protection, we successfully applied for the following Binding Corporate Rules (BCRs) in 2016:

  • Processor Code, for treating data as an HCM service provider
  • Controller Workplace Code, for treating the data we own as an employer
  • Controller Business Code, for treating the data we own as a business partner

BCRs are the gold standard for GDPR compliance, ensuring we follow a single set of rules to protect personal data.

Support

Our dedicated compliance professionals operate from 15 global service centres, serving 112 countries, and are always on hand to answer your questions. They constantly monitor local legislative environments to guide you through the compliance process, reducing your risk of substantial fines and penalties. Plus, they can provide specific GDPR consultancy, training and support to your HR departments. We also have a Global Privacy Team, with privacy lawyers, privacy program managers and risk analysts in each region ready to help you better safeguard personal data.

 

When you think how much personal data you generate yourself through your career, it might set off some alarm bells. But where do companies need to begin to be GDPR compliant from May 2018? Cécile Georges, Global Chief Privacy Officer of ADP, talks about the questions you need to answer.


 
 
