
What is GDPR?


Our Head of Legal, Leon Daniel, has written some useful information on General Data Protection Regulation (GDPR) and what it might mean for your organisation. This is the first of a series of articles on the new Regulation and will cover the steps we are taking at SD Worx to ensure GDPR compliance.

What is GDPR?

GDPR is a new piece of European legislation that was finally adopted on 27th April 2017 after several false starts. It will come into force on 25th May 2018 across Europe, and it will apply not only to any organisation situated in the EU, but also to any organisation that processes the personal data of EU citizens, regardless of where that organisation is located.

The key difference between the GDPR and the existing data privacy laws is that it also applies to data processors, who will be directly liable, alongside data controllers (the owners of the data), for GDPR breaches.

What about Brexit?

GDPR will apply in the UK regardless of Brexit. The Queen stated the Government's plans during the opening of Parliament, where Her Majesty said: "A new law will ensure that the United Kingdom retains its world-class regime protecting personal data…" and we expect that the Repeal Bill will be used to bring GDPR into law for the UK.

So, what is it exactly?

GDPR takes many of the concepts under existing privacy laws and enhances and extends them. Existing data subject rights, such as the right to receive a copy of the data and the right to rectification, are extended, for example with shorter time limits for compliance.

There is also a set of new data subject rights, such as the right to erasure (not quite as broad as the much-discussed right to be forgotten) and data portability.

Other big changes include a right to self-report any breaches, special rules for processing children's data, new categories of sensitive data and the requirement to give specific information to individual data subjects about what will happen to their data.

The cost of non-compliance

The supervisory authorities have powers under GDPR to order organisations to pay compensation to data subjects.

They also have the power to administer substantial fines against both data controllers and data processors. The numbers are high (the maximum being the higher of 4% of global turnover or €20m) and so have grabbed attention. However, whilst the size of fines is intended to be "dissuasive", the authorities are also required to take into account the behaviour of the organisation and to fine accordingly.

Therefore it is right and proper that our reaction to the legislation should be to take a broad risk-management approach and to invest in our security.

The cost of compliance

As you start looking into GDPR, you will find that it impacts more of your organisation than you originally thought. It will also take you longer to become compliant than you imagine. This article will undoubtedly raise more questions than it has answered, but what is clear is that you will have to make investments in your security systems and processes, and it is key to ensure that these investments are made in the right areas.

In this series of articles, I will share with you the journey that we are taking here at SD Worx to ensure GDPR compliance.
