General Data Protection Regulation Takes Effect

PayNorthwest Helps You Comply with the EU’s New Data Protection and Privacy Regulations

A new personal data and privacy law, the General Data Protection Regulation (GDPR), goes into effect this week, affecting all organizations who offer goods or services to, or collect data about, EU residents. Adopted in April 2016, the regulation aims to give control of personal data to anyone based in the EU and to simplify the regulatory landscape for organizations doing business in the EU.

GDPR regulations apply to data controllers, which are organizations that collect data, as well as data processors, organizations that process data on behalf of data controllers. Employers, by nature, are data controllers since employee information is required to execute business functions such as payroll, onboarding and performance management. PayNorthwest has taken steps to assure that our software and data processing practices are compliant for any of our clients impacted by GDPR regulations.

How Does GDPR Affect US-based Companies?

GDPR applies to any organization that does business with or collects data about EU residents, regardless of the organization’s physical location or the citizenship of the data subject. Beginning on May 25, 2018, US-based companies that do business with EU residents must be GDPR compliant, which includes:

  • Giving users access to review, correct, export, and delete their data.
  • Establishing procedures to protect, obtain consent for, and keep records of user data that the organization processes.
  • Notifying the affected users of a data breach within 72 hours if the breach affects the user’s privacy.
  • Employing and training cybersecurity professionals in some cases.

PayNorthwest Is Ready

By utilizing a cloud-based HRIS system with employee self-service capabilities, employers are already giving their employees transparency and the ability to update personal information within the scope of the individual’s role in the organization.

Request a demonstration of PayNorthwest’s Payroll and HR system.

In addition, our software partners at Kronos engaged TrustArc, a 20-year veteran of privacy compliance and risk management, to assess current practices and identify enhancements necessary to come into compliance with GDPR.

Key components of TrustArc’s recommendations and PayNothwest’s readiness to comply with GDPR include:

  • An updated Cybersecurity Incident Response Plan, which defines the processes necessary to detect, investigate, contain, and remediate security incidents involving personal information.
  • Business practices that keep appropriate records of data processing activities carried out on behalf of our clients.
  • Updated data flow documentation including a log of the location and purpose of data access.
  • Ongoing compliance monitoring and reporting provided by TrustArc.

Please reach out to your PayNorthwest Customer Service Representative if you have any questions or concerns around the new GDPR, or contact us at to learn more about how our cloud-based HRIS system enhances your organization’s ability to comply with evolving privacy regulations.


Are You Ready for the New DOL Overtime Regulations? Here’s a Handy Checklist!

DOL overtime ruleFrom our partners at Kronos

On May 18th, 2016, the U.S. Department of Labor (DOL) published its final rule updating overtime regulations for U.S. businesses. Effective as of December 1st, 2016, the new rule is expected to extend overtime pay protections to more than four million Americans not currently eligible under federal law.

Now is the time for your organization to start getting ready to comply with the new regulations!

Click here to download our comprehensive readiness checklist. 

It’s About Time

As has been widely reported, the Obama administration and the Department of Labor have proposed adjustments to the Fair Labor Standards Act’s white collar overtime exemptions. The most recent proposed change is to the “salary basis” test. The proposed rule increases the annual salary from $23,660 to $50,440 for an employee who performs exempt duties to be considered exempt from overtime.


This proposed changed, issued on June 30, 2015, represents a pretty significant bump from the previous level and is estimated to potentially impact over 20 million workers. The rule changed also confirms two things previously noted in this blog: 1) the pendulum continues to swing in favor of expanded (some would say renewed) worker’s rights and protections and 2) the renewed importance of measuring worked time.

We offer no comment on item #1 other than noting the trend and offering help to employers on ways to as efficiently as possible manage and administer their human capital in whatever labor market and regulatory environment prevails at the time.


With regard to item #2, we reiterate: time matters. It is quite possible, depending on the nature of your business, that this proposed rule change will add yet another segment of your workforce that you will have to carefully track and monitor their worked hours. It would be good, therefore to review a few key reminders for successfully and efficiently tracking worked hours for your employees:

  1. Capture worked time WHERE is happens When it happens. Avoid having employees report hours after the fact (e.g., filling out a sheet at the end of the week) or having supervisors approve hours from a central administrative office that doesn’t have line of sight of the actual workers posting their hours
  2. Capture time worked electronically from the beginning. Every manner of device is now available for workers to clock in and out including purpose-built badge readers, touch screen time clocks, computer kiosks, smartphones, dial in systems, biometric hand readers, tablets, and more.
  3. Handle time information only once. Find systems that are unified, and if that is not possible, at least interface. Re-keying is death to efficiency and accuracy.iting down their hours, then having a payroll administrator key those hours into a payroll system, then having a benefits person key those same hours in on an ACA report is inefficient, costly, and prone to error.
  4. Make information on worked hours available to those who need it. Make sure employees have visibility to their hours so they can be held accountable. Make sure supervisors can see their direct reports’ hours so they can catch errors early, and make sure managers or department heads can see hours so they can manage overtime and labor budgets, before it is too late.
  5. Let your system manage rules, reminders, and notifications. With increased importance around worked hours and the increasing array of regulatory rulings that hinge on worked hours (salary-based overtime exemptions, Affordable Care Act applicable large employer mandates and reporting, municipal and state mandated sick leave policies, FMLA among others), effective HR and payroll managers lean on their systems to remember deadlines, notify about thresholds, and manage complex and often interconnected labor regulations.


This latest proposed rule change, scheduled to go into effect in 2016, is the latest, but certainly not the last, change for employers to manage with respect to administering their workforce. Successful employers will continue to invest in smart automation and time capture solutions to continue to profitably operate their enterprises, remain complaint, and compete effectively.