With the new GDPR requirements almost one year old, data security, consent, and privacy continue to be a focus for data protection authorities. While companies have had more than 2 years to comply with the new regulations, there are still marketing and sales activities that may not be gathering the correct permissions from users, and companies could begin to face fines and penalties.
Data Protection Authorities so far have not been assessing fines up to the maximum allowed, but are choosing to work with companies to help them understand and address the corrective actions that need to be taken. For a company that has been instructed to make changes and has not complied, fines will result. If a company is showing a “good faith effort” to correct issues, they will be treated more gently by the authorities.
Facebook and Google have been in the news for GDPR-related issues, but as we reach the one-year mark for GDPR enforcement, data protection authorities are now taking more active steps to enforce the regulations and impose fines for companies not in compliance. There is no grace period as companies have had more than 2 years to comply.
As payroll involves managing sensitive employee data, security and transfer of data must be strictly monitored to ensure compliance with data privacy, while allowing employees access to their data as well. Your payroll solution should encrypt data that is being transferred, maintain compliance with new regulations each year, and ensure employee data is protected in self-service portals so employees can access their personal details. If you are using spreadsheets or other manual processes to manage payroll, you are not in compliance with GDPR and must make changes to avoid data breaches or fines from data protection authorities.
As GDPR regulations evolve and the enforcement of GDPR gets more focus, companies must ensure that payroll, privacy, and collection of user consent are handled in accordance with regulations. If you are having challenges with data security or payroll compliance, or have questions regarding the protection of your employee data, talk to us – we can help! Our CIPP-certified staff can help you ensure compliance, take steps to improve your payroll data and compliance, and keep your company up to date with the latest GDPR requirements.
Payescape Limited is authorised by the Financial Conduct Authority under the Payment Services Regulations 2017 (register number 821826) for the provision of payment services.