
Payslip GDPR deck, Nov 2017

The General Data Protection Regulation (GDPR) significantly increases the obligations and responsibilities of organizations and businesses in how they collect, use and protect personal data of EU citizens

Published in: Business

  1. The General Data Protection Regulation (GDPR) significantly increases the obligations and responsibilities for organizations and businesses in how they collect, use and protect personal data of EU citizens. GDPR comes into force May 25th 2018. GDPR emphasizes:
     • Transparency
     • Security
     • Accountability
  2. Definitions
  3. WHAT IS PERSONAL DATA?
  4. “Personal data” means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  5. WHAT IS A DATA CONTROLLER?
  6. A person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data is, or is to be, processed.
  7. WHAT IS A DATA PROCESSOR?
  8. In relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller.
  9. KEY IMPACTS
     • Territorial Scope
     • Fines & Enforcement
     • Security Breach Reporting
     • Privacy by Design
     • Data Protection Impact Assessments (DPIAs)
     • Elevated threshold for consent
     • Records of Processing Activities
     • Data Protection Officers (DPO)
     • Data Processors & Vendor Management
  10. TERRITORIAL SCOPE
     Organizations outside of the EU that process personal data belonging to EU citizens will fall under the rulings of GDPR.
  11. FINES & ENFORCEMENT
     FINES FOR NON-COMPLIANCE
     • €10 million or 2% of total worldwide annual turnover
     • €20 million or 4% of total worldwide annual turnover
     In addition to the fines, data subjects will have the right to sue for material and non-material damages as a result of a data privacy breach.
  12. SECURITY BREACH REPORTING
     Breaches must be notified to the relevant supervisory authority within 72 hours.
  13. PRIVACY BY DESIGN
     • Privacy by design must be built in internally if you collect, retain and process personal information of EU citizens.
  14. DATA PROTECTION IMPACT ASSESSMENTS (DPIAs)
     • DPIAs will be mandatory in all projects where “high risk” data processing occurs, including large-scale processing of sensitive data.
  15. ELEVATED THRESHOLD FOR CONSENT
     • Consent under GDPR must be specific, informed and freely given. It must also be explicit, requiring a statement to be obtained from the individual.
  16. RECORDS OF PROCESSING ACTIVITIES
     • The right to be forgotten
     • Right to restriction of processing
     • Right to data portability
  17. DATA PROTECTION OFFICERS (DPO)
     DPOs are responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR.
  18. DATA PROCESSORS & VENDOR MANAGEMENT
     Increased obligations on processors make them liable for breaches.
  19. DATA SHARING EXPOSURE
     • Staff – HR, Finance, IT
     • Global payroll contracting partners (ICP)
     • Software providers – Marketing & Sales
     • Cloud Services
  20. PRACTICAL STEPS FOR PAYROLL PROFESSIONALS
     1. Review HR and payroll data processes
     2. Minimise the data you hold
     3. Document the data flow
     4. Sharing data
     5. Breach reporting
     6. Protecting the data you store
  21. For more information on GDPR & Payslip contact us: hello@payslip.com, IRL: +353 1 443 4820, USA: +1 401 484 6568
