The General Data Protection Regulation (GDPR) significantly increases the obligations and responsibilities of organizations and businesses in how they collect, use and protect personal data of EU citizens
Payslip GDPR deck, Nov 2017
GDPR comes into force May 25th 2018
GDPR emphasizes: Transparency, Security, Accountability
“Personal data” means any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Data processor”, in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller.
KEY IMPACTS
• Territorial Scope
• Fines & Enforcement
• Security Breach Reporting
• Privacy by Design
• Data Protection Impact Assessments (DPIAs)
• Elevated threshold for consent
• Records of Processing Activities
• Data Protection Officers (DPO)
• Data Processors & Vendor Management
FINES & ENFORCEMENT
FINES FOR NON-COMPLIANCE
• Up to €10 million or 2% of total worldwide annual turnover, whichever is greater
• Up to €20 million or 4% of total worldwide annual turnover, whichever is greater
In addition to the fines, data subjects will have the right to sue for material and non-material damages suffered as a result of a data privacy breach.
PRIVACY BY DESIGN
• Privacy by design must be built into internal processes if you collect, retain and process personal information of EU citizens
DATA PROTECTION IMPACT ASSESSMENTS (DPIAs)
• DPIAs will be mandatory for all projects where “high risk” data processing occurs, including large-scale processing of sensitive data
ELEVATED THRESHOLD FOR CONSENT
• Consent under GDPR must be specific, informed, freely given and unambiguous, requiring a statement or clear affirmative action from the individual; explicit consent is required for special-category data such as health or trade union membership, which payroll commonly holds
RECORDS OF PROCESSING ACTIVITIES
Controllers must keep records of their processing activities; those records are also what allow you to act on data subject rights such as:
• The right to be forgotten (erasure)
• Right to restriction of processing
• Right to data portability
DATA PROTECTION OFFICERS (DPO)
DPOs are responsible for overseeing data protection strategy and its implementation to ensure compliance with GDPR.
DATA PROCESSORS & VENDOR MANAGEMENT
GDPR places increased obligations directly on processors and makes them liable for breaches.
DATA SHARING EXPOSURE
Parties with whom payroll data is shared:
• Staff – HR, Finance, IT
• Global payroll contracting partners (ICP)
• Software providers – Marketing & Sales
• Cloud Services
PRACTICAL STEPS FOR PAYROLL PROFESSIONALS
1. Review HR and payroll data processes
2. Minimise the data you hold
3. Document the data flow
4. Sharing data
5. Breach reporting
6. Protecting the data you store
For more information on GDPR & Payslip
contact us
hello@payslip.com
IRL: +353 1 443 4820
USA: +1 401 484 6568
Editor's notes
“Personal data” means any information relating to an identified or identifiable natural person (data subject).
An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Fines for non-compliance:
€10 million or 2% of total worldwide annual turnover (whichever is greater)
€20 million or 4% of total worldwide annual turnover (whichever is greater)
In addition to the fines, data subjects will have the right to sue for material and non-material damages suffered as a result of a data privacy breach.