1. The webinar covered how GDPR affects payroll processing and compliance. Personal employee data must be collected and processed lawfully, securely stored, and deleted after the required retention period. 2. Under GDPR, contracts are required between data controllers and processors. Payroll bureaus should work with clients to ensure data processor agreements are in place that outline each parties' obligations regarding employee data. 3. In the event of a data breach, businesses must notify the Data Protection Commissioner within 72 hours if the breach poses a risk to employees. Non-compliance with GDPR can result in substantial fines.