- Heavy fines for non-compliance
- Door opened to litigation by individuals
- Ask us about our GDPR toolkit to help make sure you’re ready
If you haven’t heard of the GDPR (General Data Protection Regulation), you must have been living in a vacuum, because it will become law on May 25th next year and apply to all organisations worldwide that process the personal data of EU citizens. The date is set in stone regardless of Brexit.
Broadly speaking, if you hold and/or process any personal data on employees, customers or other people – in other words any information that falls within the scope of the current Data Protection Act (which the GDPR will replace) – you’ll have to comply. However, the definition will be more detailed, to the extent that even an online identifier such as an IP address can constitute personal data. There will also be special categories, including genetic and biometric data.
The Regulation will apply to data ‘controllers’ and ‘processors’ (the controller says how and why personal data is processed and the processor acts on the controller’s behalf). If you are a controller and there is a processor involved (such as Just Payroll Services), the GDPR places further obligations on you to ensure your contracts with processors are compliant.
Given the timescales involved, we strongly recommend that if you haven’t done so already, you act now to ensure readiness. In the UK, the regulatory body that will oversee the use of, provide advice on and enforce the GDPR is the Information Commissioner’s Office (ICO). You could start by reading the ICO’s Guide to the GDPR, which is accompanied by a helpful checklist and recommendations on 12 steps to take now.
At Just Payroll Services, we will be GDPR compliant on the deadline and you can therefore be confident that we are processing your payroll data correctly. Has your business allocated budget and resources to implement governance processes and controls? One of our partners has created a toolkit which contains key resources and guidance to assist organisations in preparing for and complying with the GDPR. This provides guidance notes, implementation materials and template policies and procedures to help you work smarter in achieving and maintaining compliance. For more information, please contact Karen Healy on 01276 780088.
HOT OFF THE PRESS …
The GDPR encourages the use of certification schemes like ISO 27001 to serve the purpose of demonstrating that an organisation is actively managing its data security in line with international best practice.
November saw Just Payroll Services achieve accreditation to ISO 27001, to provide you with further reassurance of the quality and integrity of our service and that our and your information assets are safe and secure.
We’re also delighted that at the same time, we achieved certification to ISO 9001, the world’s most widely-adopted Quality Management System (QMS) and a powerful business improvement tool.