In less than six months, the General Data Protection Regulation (GDPR) takes effect in the EU – May 25, 2018. In short, the GDPR is a data privacy regulation designed to “significantly increase the obligations and responsibilities for organizations and businesses in how they collect, use, and protect personal data of EU citizens.”
During the free Global Payroll Management Institute (GPMI) webinar “GDPR: What Does the European General Data Protection Regulation Mean for Global Employers?”, which is currently available on demand, Payslip CEO Fidelma McGuirk talked about the important concepts within the GDPR, the specific rights within it, and how it will impact companies managing their personal data moving forward.
“Looking at payroll, it means that data relating to the employees that you have within the EU, all of that data is covered by this regulation,” McGuirk said.
To start, McGuirk explained that the GDPR was introduced in the EU as a regulation, not as a directive. This means the GDPR will replace the data protection directive of 1995 and will be one uniform standard implemented across all EU countries.
“For those of us with employees … in different EU countries, it actually enables a smoother implementation of data compliance procedures,” McGuirk said.
She said the GDPR will provide people with more control of their personal data. It is a regulation that protects the privacy rights of individuals and establishes strict global privacy requirements governing how employers (and organizations that collect data) protect personal data, all while respecting personal choice.
“It ensures that every employer or organization is fundamentally accountable for what they do with that data,” she said.
During the webinar, McGuirk reviewed individual rights under the GDPR in detail that include the right to:
- Information
- Access
- Rectification
- Erasure
- Processing restrictions
- Data portability
- Objection
- Anything related to automated decision-making and profiling
McGuirk also covered the core principles of the GDPR, which are:
- Principles relating to processing of personal data
- Lawfulness of processing
- Conditions for consent
- Conditions applicable to child’s consent in relation to information society services
- Processing of special categories of personal data
- Processing of personal data relating to criminal convictions and offences
- Processing which does not require identification
“[The GDPR] provides uniformity for us,” she said. “It emphasizes transparency, security, and accountability.”
Kiko Martinez is the Associate Editor for the American Payroll Association and for the Global Payroll Management Institute. He has 15 years of experience in journalism and public relations.