1. Home>
  2. Resources>
  3. Compliance and Security>

First Steps Towards GDPR Compliance


Our Head of Legal, Leon Daniel, has written some useful information on GDPR and what it might mean for your organisation. This is the second of a series of articles on the steps we are taking at SD Worx to ensure GDPR compliance.

First Steps Towards GDPR Compliance

In the first blog in this series What is GDPR, I wrote:

As you start looking into GDPR, you will find that it will impact more of your organisation than you originally thought.

I am confident in making this statement as this is what happened here at SD Worx as we got deeper into our GDPR Readiness programme.

After notifying the Board, our first step was to assemble a readiness team that covered all relevant areas of the business. Each business area became a work stream, with a senior work stream lead, and each work stream developed its own action plan with milestones.

You will see below a link to a genericised version of our work stream pack which may assist you in establishing your own work streams and action plans. This is a description of the business areas within SD Worx UK that we consider need to be engaged in GDPR readiness and why.


The systems and technical processes that we use to process personal data will be key to our compliance with GDPR. We have secured a considerable budget to enhance our IT security, and we have obtained ISO 27001 certification for the whole of our business which is a significant measure in ensuring GDPR compliance.

Data flow, Privacy by design and Privacy Impact Assessments are all covered by the IT work stream.


Whether we are providing a managed service or SAAS, we need to ensure that our products enable GDPR compliance. Product enhancement will cover not only our own products, but also 3rd party products that we supply.


Where our product systems cannot provide automatic GDPR compliance, we will need to wrap around operational delivery processes that do. New or enhanced operational processes will require colleague training.

Supplier management

Privacy impact assessments will need to be carried out for relevant suppliers who process personal data on our behalf. Appropriate policies and controls will need to be put in place and supplier compliance with such policies monitored.


Whilst sales don’t have a long list of actions, numerous questions from existing customers and prospects has served as an early warning system to the need for education and training of our sales teams.


Legal have been instrumental in creating awareness, and in education and training. More tangible actions will include incorporating a new Data Privacy Agreement into all customer contracts to ensure compliance with GDPR and to give assurances to customers.


GDPR has necessitated a high degree in investment in our systems and processes. Commercial are considering to what extent these costs have created value for our customers and therefore could be passed on in pricing.

Marketing and Communications

We have developed “Think, Check, Act” as an internal awareness programme and have focused equally on internal and external awareness and knowledge building. Privacy notices will need to be GDPR compliant.

Learning and Development

Training at some level will need to be delivered to all colleagues. In addition, we will be developing a certification scheme for operational delivery colleagues.

You may have more or fewer parts of the business for whom you consider GDPR is relevant. You are welcome to use our base material in the creation of your own work stream pack.

    Related articles

    Payroll Outsourcing: Work smarter, not harder:

    Payroll outsourcing | Work smarter, not harder

    Outsourcing payroll is very much on the rise. It is now in the top 3 most desired outsourcing projects with 4 in every 10 HR leaders saying they want to introduce this in their own organisation. These key trends were taken from our latest Future of Work & People report when we researched the challenges and priorities of almost 3,000 senior HR leaders across Europe.

    man in pak op een bank

    The complete guide to outsourcing your payroll in 2021 [Free 121 business case support]

    The concept of outsourcing your payroll is highly appealing. Businesses effectively gain more expertise, experience and resources, and it costs them less.

    vrouw die werkt

    5 implementation steps to ensure your outsourced payroll transition goes smoothly

    The prospect of handing over responsibility for your payroll to an outsourced partner can be daunting enough, without having to worry about something going wrong during the transition. That’s why implementation has to go smoothly.