The General Data Protection Regulation (GDPR) takes effect on May 25th 2018. The breadth and depth of this EU-wide legislation is onerous to say the least, and not solely because of how it will affect marketing operations. The rules, quite bizarrely, apply to any EU citizen even if they are based in the US.
From an accounting perspective there are particular sensitivities around payroll. It is highly likely that all payroll information will have to be sent by encrypted email. As with all compliance programmes, the test cases will define how long the legislation survives as it currently stands, but the rules will almost certainly evolve over time; that said, compliance programmes tend to expand their remit rather than ever having it reduced.
It ought to be especially noted that employees will have the right to find out what HR-related personal data is kept about them, why it is processed and where it is held. Under GDPR this data explicitly may not be used for any purpose at all without the employee's direct consent. In addition, therefore, very careful consideration must clearly be given to the physical storage of personal data.
Fines for non-compliance are stated at up to 4% of an organisation’s global turnover and, given the commercial success of recovery companies with mis-sold financial services claims in recent years, there is every incentive and precedent in place for potential litigation.