9 October 2017
Exactly who should be responsible for data protection within an organisation? Should it be a matter for C-level staff only? Or the IT department? The sales and marketing department collecting customer information? Or is it time to appoint a dedicated Data Protection Officer?
The EU’s General Data Protection Regulation (GDPR) comes into effect on 25 May 2018. It applies to any organisation that processes the personal data of EU citizens regardless of where they are situated. Brexit won’t let UK companies off the hook as the government has announced that the legislation will be brought into UK law.
GDPR enhances and extends current privacy laws. For example, existing data subject rights to receive a copy of data and the right to rectification are extended with shorter time limits for compliance. There are also new rights such as the right to erasure (although these aren’t quite so broad as the much-discussed right to be forgotten) and there are new obligations to report any breaches. In all, it covers around 250 pages which at times lapse into vagueness, so despite its importance it very much requires business to work through it, taking guidance from local bodies and deciding how to adapt working practices in order to conform.
The potential fines have been described as ‘eye-watering’ alongside the reputational risk of being found as non-compliant has focused minds around this issue of responsibility. As a result, many companies have reached a consensus – to make this change happen successfully Human Resources have a key, if not leading role to play.
I would agree. While it may in the short term appear to be a burden, especially as time frames are becoming short, I believe HR teams will rise to the challenge, transforming a chore into a positive initiative. The creation of rigorous guidelines for personnel data will then act as a template for other data held such as information on customers and prospects.
The HR department is already the custodian of the employee interest and engagement, they are also used to leading organisational wide change programmes. Because of all of this they attract a certain degree of trust and confidence which is necessary to ensure that the organisation’s colleagues buy in to the steps being taken to protect their data as well as that of their customers. At the same time as considering the financial and reputational impacts of noncompliance, everyone should consider the impact to employee confidence in their employer should there be a loss or miss handling of HR data.
HR will be familiar with current data protection laws and the processes an organisation has in place to support them. It’s important to know what processes are already in place so that these can be extended to cover the new legislation.
Each business will have to work out how the legislation impacts them and then work out the policies, processes and procedures that must be changed to support the legislation. HR teams are accustomed to writing policy, creating processes and communicating them so that everyone can follow. They are also the experts in training staff too - a necessary task so that everyone understands why certain steps are taken.
They also have good knowledge of risk and employee behaviour. They will understand that staff requests to view data are bound to grow and be more than capable of dealing with this increase, preferably through clear, well-defined paths of communications and strong process.
It must be remembered that GDPR is still a business-wide challenge and privacy and security measures need to be integrated into processes across the board. There’s no doubt that IT departments will need to work closely with HR – especially as to where data is being held and how to access it. The new right to erasure will require knowledge of any hidden silos of information and potentially technical expertise to remove or archive it. Getting a clear data retention policy is a time-consuming process as the legislation doesn’t in anyway override the need to keep other records for other legal purposes such as that of auditing payments, etc. The benefits of getting this right give your teams a clear guide on what to hold and for how long and really take the ambiguity out of some of the decision-making process.
Personally, I can’t remember another security and data protection initiative that has focused and led to such engaging and open conversations. The level of transparency we are seeing between our organisation, our suppliers and our customers is at an all-time high and personally I believe this is leading to greater confidence in the supply chain and stronger relationships. So, it’s important not to focus on the fines for non-compliance, but rather the positive results – the focus on driving greater collaboration between the internal units of the business and also externally with customers, partners and suppliers. If HR can lead the way, championing this positivity and showcasing their expertise in personal data issues it can only be good for them – and for the business.
We’ve been working with our customers who are implementing GDPR for a while now and the level of activity is ramping up now May 2018 is in sight. There’s no doubt that adoption is not just about data security – it’s an opportunity for cultural change and a new way of working.
The UK prime Minister announced new lockdown restrictions in response to increasing Coronavirus cases. What do the new restrictions mean for payroll and HR professionals in the UK? Find out more in our blog.P. Simon Parsons - 2 November 2020
The government has announced the launch of policies and measures to protect jobs where businesses are facing lower demand over the winter months due to the Covid-19 pandemic. Learn all about the job Support Scheme and whether you are eligible.12 October 2020
It might have been costly to change payroll suppliers twenty years ago, but thanks to modern technology it doesn’t cost nearly as much as resource and time as you might think. Uncover the truth in our blog.14 September 2020
Every year UK businesses lose £12 billion from payroll fraud. In this blog we’ll explain the common types of payroll fraud and share tips on how to stop it from happening to your business.14 September 2020
Simon Parsons, Director of Compliance strategies, SD Worx UK, responds to the Government’s new advice regarding payrolling benefits in kind.9 September 2020
Simon Parsons, Director UK Compliance Strategies, SD Worx UK & Ireland, discusses the Government’s Kickstart scheme which aims to create thousands of jobs for young people across the UK.9 September 2020
HM Revenue and Customs (HMRC) has updated guidance in readiness for the commencement of the second part of the Coronavirus Job Retention Scheme (CJRS). Simon Parsons, Director of Payments, Benefits & Compliance Strategies at SD Worx UK, shares his interpretation of the changes and what this could mean for employers.P. Simon Parsons - 15 June 2020
Our resident payroll and legislation guru answers your questions about furlough and SSP.29 April 2020
We’ll help you make sense of the government’s advice on Statutory Sick Pay and taking care of your employees during COVID-19.24 March 2020
There have been many publications about the Good Work Plan over the past 18 months and it can be confusing to work through complex, legislative documentation to understand how you stay compliant. While the good work plan covers many topics, this blog aims to take you through one aspect of this, Holiday Pay, and asks the simple question – are you ready for the changes?29 October 2019
If you want to learn best practice in handling data in light of the General Data Protection Regulations (GDPR), you can do no better than to look at DuPont. Now part of science giant DowDuPont following a merger last year, data is part of the DNA of the organisation and it has a long history of embedding data protection into its culture.8 March 2018
Here are the top five lessons on implementing GDPR from the session with Gert Beeckmans, Chief Risk and Security Officer at SD Worx, and Frank Rudolf, Director of Payroll at PAREXEL from the SD Worx European Conference 2018, held in London on 6th February.2 March 2018
With just three months to go until the General Data Protection Regulation (GDPR) comes into force, the clock is ticking for HR and payroll managers to get the systems and processes in place to ensure compliance. The regulation, coming into effect on 25 May 2018, updates data rights for today’s networked world, and organisations ignore it at their peril.1 March 2018
Clark Hoy, Business Development Manager at SD Worx UK & Ireland shares his top tips for all the new dads and dads to be (D2B) regarding all things paternity!26 February 2018
Retention of the personal data is ‘lawful basis’ where it is necessary, for compliance with a legal obligation, for the exercise or defence of legal claims. For Payroll and HR reasons, employers must hold and retain personal information about their employees and former employees to meet these legal requirements.4 December 2017
GDPR is set to see the biggest shake-up in the way we handle data since the Data Protection Act of 1998. Over the last few years, the processing and control of data has seen many systematic changes. Updated legal obligations set out in the Regulation such as the ‘lawful basis’ of the processing of data is sure to see more changes to data handling.27 November 2017
Read Simon Parson's latest blog where he answers the frequently asked question: 'Do you know if HMRC are likely to want us to include more options for employees that may be transitioning or don’t identify themselves with either gender?'23 November 2017
Increasingly within global organisations we see that individuals have increasing international activity throughout a business’ empire with differing national fiscal obligations. Impact on employees and compliance with a variety of national fiscal government obligations brings into play significant complexities. Some will be available within Payroll Software or service, whereas others, a little more obscure, may require special handling. For UK Payroll, there are a variety of variants (to the normal) Pay As You Earn (PAYE) obligations.6 November 2017
In order to get to understand Alabaster, we recommend that you know a little about the case precedent behind it.2 October 2017
Our Head of Legal, Leon Daniel, has written some useful information on GDPR and what it might mean for your organisation. This is the second of a series of articles on the steps we are taking at SD Worx to ensure GDPR compliance.14 August 2017
Our Head of Legal, Leon Daniel, has written some useful information on General Data Protection Regulation (GDPR) and what it might mean for your organisation. This is the first of a series of articles on the new Regulation and will cover the steps we are taking at SD Worx to ensure GDPR compliance.7 August 2017
Part two of our blog, our Commercial Director John Cusack and Business Development Manager Steve Knapman, built upon the information outlined by Mercer in part 1 – and discuss how SD Worx’s analysis tools can provide you with in-depth statistics on the gender pay gap. Read more on some of the useful points that we took away from the webinar...10 July 2017
Minimum pay is governed by employment law, and breach is criminal; HM Revenue & Customs are charged with policing its application based on a number of significant factors and structures. In this blog, our Director of Payment, Benefits & Compliance Strategies, Simon Parsons, discusses critical touch points for compliance and recent payroll error examples regarding this legal requirment.3 July 2017
The gender pay gap has been a hot topic for years, dominating discussion in the media and in boardrooms. Seemingly refusing to close, the gap stood at 9.4% in 2016, down from 17.4% in 1997. While the UK is getting nearer and nearer to gender parity in pay, figures suggest it still has a long way to go...19 June 2017
2017 is going to be both interesting & challenging. With Brexit and changing government leadership much is to be done and quickly. Now is the time for the business to come together and plan for change...2 March 2017
In August 2016, HMRC launched a ‘Consultation on salary sacrifice for the provision of benefits in kind’. The indication is to bring in law changes from April 2017.11 October 2016
Often once the deal is done you can’t see the lawyers for dust, so if you receive notice from a supplier or customer that they have been acquired, or if you have been acquired yourself, what do you need to do to keep your current contracts in order?3 October 2016
The way the government funds apprenticeships in England is changing. The 6th April 2017 sees the introduction of a new employment tax on United Kingdom employers. Scotland Wales and Northern Ireland, each having their share of the levy, will have to decide how apprenticeship spending will take place. In this blog I cover some key points that employers should be considering in order to prepare for the upcoming changes...5 September 2016
As a union, the UK has voted to leave the European Union with some Scottish politicians hinting of a further independence referendum, and some in Northern Ireland wanting a joint Irish nation! At the same time, Job Centre Plus has run out of National Insurance numbers and in June 2016, decided in to start issuing NINOs with prefix ‘KC’ - but there is an issue with this...15 August 2016
With the result of the UK referendum to leave the European Union and indication by Scotland's first minister to run a further Devolution referendum, Simon Parsons considers the potential implications for the next few years for Scotland and Payroll services...8 August 2016
So the nation has chosen to progress leaving the EU with a popular vote of 52%. So what's changed, apart from volatility in currency and stock markets? And what major action do we see impacting payroll?26 July 2016
The National Living Wage (NLW) became compulsory for employees aged 25 and above, at a new minimum rate... Have you considered the implications and reviewed your maternity leave payments and made top-ups of SMP?27 June 2016
April 2016 saw some of the most significant legal changes to impact payroll operations and software. I would venture that this year’s new changes have been some of the most impactful yet, more so than the introduction of Real Time Information (RTI). New requirements for Scotland including the Scottish Rate of Income Tax and changes to Earnings and Maintenance Arrestments. A revolution in national insurance with the removal of Contracting out and Under 25 Apprentice NICs being introduced. The list can go on.13 June 2016
Following the judgement of the Employment Appeal Tribunal (9th March 2016), the question of salary sacrifice and maternity rights has been thrown into question! Was HMRC errant in providing guidance? Are employers now off the hook with provision of non-cash benefits in kind during maternity?16 May 2016
In the 2015 Queens speech, the Government set out to create 3 million new apprenticeships by 2020. As part of the Enterprise Bill, apprenticeships would gain the same legal treatment of degrees. ‘The Richard Review’ brings new standards being developed by ‘trailblazers’ and new funding trialled giving employers greater control over spend on training delivery.11 April 2016
We thought 2013 was busy with the introduction of Real Time Information, but looking back it now seems a doddle! 2016 is proving to be one of the most substantial change years ever for payroll, software and service providers and especially payroll managers. Never before have I seen such a wide, heavy plethora of change. Now seems a good time to start the preparations in earnest and put the brain in gear...25 January 2016