Is Your Payroll Provider Ready for GDPR?
With GDPR changes going into effect in May, companies all over the world are preparing for procedural and system enhancements to stay compliant. With severe penalties for non-compliance, it is vital to make sure your company is ready – but what about your payroll provider? Are they ready for GDPR?
Under the new changes, companies processing private data must prove their security measures are up to date with the new regulations and notify EU authorities within 72 hours of a breach or face penalties of up to £20 million or 4% of worldwide revenue (whichever is greater). If your payroll provider is not up to date with the GDPR regulations, your company is at risk.
Here are just a few steps your payroll provider should be taking to ensure compliance with the new regulations:
- Reviewing policies and procedures related to private customer data.
- Documenting a strategy and providing a comprehensive plan for compliance.
- Properly collecting, processing, and storing private customer data.
- Carefully managing high-level access, controls, and passwords.
- Reviewing all current user rights to ensure appropriate access levels.
- If there is an employee self-service option, limiting access and editable data to what is needed only.
- If data is currently sent as an Excel spreadsheet, changing the transfer to FTP, a secure portal, or a document storage system.
Confirm with your payroll provider that they are making the required changes to ensure compliance with GDPR. Validate payroll data transfers, procedures and documentation prior to the rollout of GDPR so there are no gaps in data security.
Your company's data privacy and security extend to your vendor partners as well. Getting started now will help you identify any issues and make changes prior to the May implementation of GDPR.