0800 0482 737

GDPR Product Compliance

GDPR has established a new set of rights that apply to all organisations that process and handle the data of EU individuals. The Regulation also strengthens some of the rights set out under the Data Protection Act 1998.

We take GDPR as seriously as you do. For this reason, we are working to ensure that our product facilitates the legislative requirements. Our cloud-based solution is fully managed in our secure data centres. We aim to work with you to make sure all your data is migrated quickly and efficiently.

Below you will see details of the new rights and how we are working to ensure our products are GDPR compliant. The table gives an overview of the functionalities soon to be available on the latest version of HRevolution. For existing customers who use a previous version, we will be in touch with you with further details. Alternatively, please contact your normal SD Worx account manager, or get in touch for more information.

GDPR key obligations as stated by the Information Commissioner’s Office (ICO) How SD Worx Software will be compliant

Right to be informed

 Organisations are obliged to provide ‘fair processing information’ which emphasises the need for transparency over how you use the personal data of individuals.

  • Privacy Notice displayed on login to Employee Self Service
  • Privacy Notice displayed on login to mobile app
  • Employee acceptance
  • Viewable at any time
  • Default text available
  • Customisable by the employer

Right of access

 Individuals have the right to access their personal data and other supplementary information and/or obtain confirmation that their data is being processed.

  • Personal information available through HR self service
  • Displayed on employee payslip
  • Data can be extracted by HR / Payroll Administrator

Right to rectification

 Incomplete or inaccurate personal data is entitled to be rectified upon request by the individual the data relates to.

  • Update through Employee Self Service

Right of erasure (also known as the right to be forgotten)

Individuals can request the removal of their personal data where there is no clear reason for its processing. Although data held for lawful basis cannot be removed even if requested.

  • Automatic deletion of payroll information greater than the lawful retention period
  • Automatic deletion of leavers in HR after the lawful retention period
  • The lawful retention period configurable by employer

Right to restrict processing

Individuals have the right to restrict the processing of their personal data. This right does not extend to data required for a lawful basis.

  • Data due to be deleted can be extracted in cases when personal data is required to be retained

The right to data portability

 Individuals have the right to obtain and reuse their personal data for their own purposes across different services.

  • Data can be extracted by HR / Payroll Administrator

Right to object

 Individuals have the right to object to organisations on the basis that their personal data is being processed based on legitimate interests, direct marketing, or for the purposes of scientific/historical research and statistics.

  • Data not used for research purposes
  • Data not used for direct marketing
  • Processing required for performance of contract and to meet legal payroll requirements

Rights related to automated decision making and profiling

 Individuals have the right not to be subject to a decision when it is based on automated processing and it produces a legal effect or a similarly significant effect on the individual.
 

  • HR data required for the performance of a contract
  • Payroll processing is authorised by law