General Data Protection Regulation
No doubt you’ve heard all about GDPR – the General Data Protection Regulation, which comes into force in May 2018.
It’s a game changer for companies around the world, not just in the EU. If you deal with any company that operates within the EU, you’re going to have to comply or risk a large fine AND a lot of bad PR.
With UK Government statistics showing that nearly 7 in 10 UK firms have been hit with some sort of data breach in the past year, the time is now for businesses to take action.
May 2018 is the deadline – so not that long!
Fines for a data breach are some of the largest in the world, and are business-changing. You can find out about them here; they are divided into two tiers:
- Tier 1 – Very serious breach. 4% of the previous year’s global turnover or €20 million, whichever is higher.
- Tier 2 – Less serious breach. 2% of the previous year’s global turnover or €20 million, whichever is higher.
Some companies are treating GDPR like it will never happen, because of Brexit and the UK’s exit from the EU. Big mistake. The UK will be placing this into law irrespective of Brexit.
GDPR will apply to all EU member states from 25 May 2018 – which is before our official exit date. Even after we’ve left, any business will need to be GDPR compliant to operate with businesses still in the EU, no matter where they are in the world.
Brexit won’t stop GDPR; the government has already confirmed it. And because GDPR is a regulation and not a directive, it automatically comes into law on 25th May 2018 without any country-specific legislative changes.
Don’t leave it too late.
What can you do to ensure that you’re fully prepared for GDPR?
You’ve got less than a year to get ready for the biggest changes to data protection in history. GDPR may be wide reaching, but its primary purpose is to deliver:
- Uniformity of data protection laws across the EU
- Major improvements to the use, storage and accessibility of PII (personally identifiable information) data
How can AccessPay help?
Payments, in particular payroll payments, constitute personally identifiable information (PII) and as such come under the scrutiny of the GDPR.
AccessPay can form a key part of your organisation’s GDPR compliance strategy by allowing you to restrict access to key PII data so that only selected individuals across your organisation can access it. Not only that, we can ensure that all of the personal information contained within your payments files is masked.
Under the GDPR, it’s essential that businesses are able to demonstrate data portability, traceability and deletion. Enabling this is likely to involve a cross-platform approach that may include an ERP or CRM system or both. AccessPay can form a fundamental part of your GDPR-compliant technology suite by integrating with almost all back office systems.
How does AccessPay restrict visibility of data?
- AccessPay includes a workflow and approvals engine that allows its administrators to set the viewing and approval limits for its payments files
- Users are only able to see payroll for designated sections of the business and/or up to a set value threshold
- AccessPay’s beneficiary masking tool allows organisations to mask all PII data held within a payments file, ensuring users are completely blind to all data but the transaction value.
GDPR is coming and your business will be affected if you don’t comply.
A step-by-step checklist to help you get ready for changes to data protection laws. Easy to understand and put into practice.