On the 25th May, the European Union (EU) brought the General Data Protection Regulation (GDPR) into force. This is one of the biggest changes to data protection rules over the last two decades and will change the way businesses collect, process, store, transmit and use two types of data: personal data and its subset, sensitive data.
Although it is an EU regulation, its scope is far-reaching and will include many businesses and organisations operating outside of the EU.
This is because GDPR is the first extraterritorial law that extends beyond the territory of the EU. It is applicable to any business that processes the personal data of an EU resident, regardless of whether the processing takes place in the EU or not.
This will lead to a number of changes APAC organisations will need to be aware of, particularly in relation to:
The EU is likely to come down hard on businesses found to be blatantly non-compliant with GDPR, with fines of up to four per cent of annual global turnover or €20 million, whichever is greater.
But it’s not just financial risks businesses need to be aware of. With the increased attention on data privacy and data breaches, employees and customers are becoming increasingly aware of how their data is being used.
As such, anyone found to be in breach of applicable privacy laws could be at risk of serious reputational damage, in addition to the large financial fines. Compliance and IT departments will be looking to address the impact on customer data. But that’s not where GDPR’s scope ends.
The main reason GDPR matters to payroll is that, under the new regulation, personal data includes that of employees.
This means HR and payroll need to know and understand the new data privacy regulations set out in the GDPR and how they apply to employees.
Under GDPR, employees will have the same rights as a customer or client when it comes to their personal data. If an employee makes a request to exercise their data subject rights, the employer will have to fulfil it within a month. This includes any request around right of access, right of correction, the right of movement and the right of erasure.
Additionally, GDPR will impact the way in which payroll collects and secures employee information, as well as the contracts held with payroll providers.
For payroll, GDPR is going to have a significant impact, as employees' personal data is covered by GDPR. This means getting on top of your data and ensuring you have partners in place that will help you navigate the changing regulatory landscape.
To help payroll and HR navigate this complex landscape, Anij Janardhanan, Head of Global Compliance and Business Excellence at Ascender, has developed a definitive guide to GDPR. You can download the guide here.