General Data Protection Regulation (GDPR) Takes Effect

PayNorthwest Helps You Comply with the EU’s New Data Protection and Privacy Regulations

A new personal data and privacy law, the General Data Protection Regulation (GDPR), goes into effect this week, affecting all organizations that offer goods or services to, or collect data about, EU residents. Adopted in April 2016, the regulation aims to give control of personal data to anyone based in the EU and to simplify the regulatory landscape for organizations doing business in the EU.

GDPR applies to data controllers, which are organizations that collect data, as well as data processors, which are organizations that process data on behalf of data controllers. Employers are, by nature, data controllers, since employee information is required to execute business functions such as onboarding, payroll and performance management. PayNorthwest has taken steps to ensure that our software and data processing practices are compliant for any of our clients impacted by GDPR.

How Does GDPR Affect US-based Companies?

GDPR applies to any organization that does business with or collects data about EU residents, regardless of the organization’s physical location or the citizenship of the data subject. Beginning on May 25, 2018, US-based companies that do business with EU residents must be GDPR compliant, which includes:

  • Giving users access to review, correct, export, and delete their data.
  • Establishing procedures to protect, obtain consent for, and keep records of user data that the organization processes.
  • Notifying the affected users of a data breach within 72 hours if the breach affects the user’s privacy.
  • Employing and training cybersecurity professionals in some cases.

PayNorthwest Is Ready

By utilizing a cloud-based HRIS system with employee self-service capabilities, employers are already giving their employees transparency and the ability to update personal information within the scope of the individual’s role in the organization.

In addition, our software partners at Kronos engaged TrustArc, a 20-year veteran of privacy compliance and risk management, to assess current practices and identify enhancements necessary to come into compliance with GDPR.

Key components of TrustArc’s recommendations and PayNorthwest’s readiness to comply with GDPR include:

  • An updated Cybersecurity Incident Response Plan, which defines the processes necessary to detect, investigate, contain, and remediate security incidents involving personal information.
  • Business practices that keep appropriate records of data processing activities carried out on behalf of our clients.
  • Updated data flow documentation including a log of the location and purpose of data access.
  • Ongoing compliance monitoring and reporting provided by TrustArc.

Please reach out to your PayNorthwest Customer Service Representative if you have any questions or concerns around GDPR, or contact us at info@paynorthwest.com to learn more about how our cloud-based HRIS system enhances your organization’s ability to comply with evolving privacy regulations.

 
