Saturday, Dec 15th

How to prepare your African business' payroll for GDPR

The General Data Protection Regulation (GDPR) is the greatest shake-up in privacy legislation for over 20 years. With enforcement due from 25 May 2018, it is designed to give EU citizens more control over their private data. The legislation covers measures for all and any Personally Identifiable Information (PII).

Whilst GDPR might be EU based, it forces organisations - wherever they are in the world - to comply with its requirements where EU citizen data is concerned. This means that any company that either employs people from the EU and/or does business in the EU, must comply. Companies that fail to do so can be subjected to large penalties - potentially reaching beyond €20 million.

Even if your business doesn't currently fall into one of the abovementioned categories – if you are planning on doing business in Europe in future, or are considering hiring EU expats, you'll benefit greatly from making sure your processes are compliant, ahead of time. Further down the line, this will prevent delays when your business is ready to grow.

What this means for global HR and payroll teams

By its nature, the payroll process involves a lot of personal information. As such, GDPR adds complexity to existing processes and new responsibilities that HR and payroll leaders will have to manage.

Employees and job applicants will now need to be given privacy notices specifying what their personal data is being used for, and whether it will be transferred outside of the EU. If it does have to be transferred, payroll managers will have to ensure this is done in line with regulations.

If a company outsources its HR and payroll processes, complying with GDPR legislation becomes a shared responsibility between the company and its payroll provider. The payroll provider must be able to implement technical and organisational measures to protect data and assist with compliance. For example, the provider needs to ensure that all stored data, software and data backups are encrypted and secure. By contrast, the company's data controller is responsible for, and must comply with, the core principles of GDPR.

Top tips to prepare for GDPR

GDPR is about clarifying where PII is, in any given organisation. Businesses must conduct an inventory of how information is collected, stored, managed and used moving forward. This means that the entire payroll process must be reviewed in order to get ready for GDPR.

First, you need to know who in your organisation is handling vulnerable information and determine whether their access to it is business critical. If they don't need access, it is time to cut them off. By reducing the number of employees who have access to sensitive information, you will reduce the scope of GDPR across your organisation.

GDPR can be an opportunity to analyse what data is crucial to your business. This level of scrutiny can help to drive business priorities and decisions moving forwards and will also help to focus your efforts on collecting, securing and storing only that information.

Employee awareness is also an important part of any successful GDPR preparation strategy. All staff (employees and contractors) need an appropriate level of awareness depending on their involvement in handling personal data. Some organisations have seen success in appointing GDPR 'champions' who can run awareness campaigns. Involving your staff can go a long way to ensure that everyone is aware of how their job is affected by GDPR.

For most organisations, now is a critical time. By working with your payroll software company, you can be on your way to becoming compliant much quicker than doing it on your own.

By asking the right questions and preparing your organisation, GDPR doesn't have to be a headache. The guiding principle behind the legislation is simply knowing where your PII is. If you don't know, find out now, and you'll be on your way to being GDPR ready.

* By Warren van Wyk, Director, PaySpace.

