The General Data Protection Regulation (GDPR), which comes into force in the UK on 25 May 2018, builds on our existing Data Protection Act 1998.
It strengthens rules around personal data and requires organisations to be more accountable and transparent.
Payroll, because it handles so much sensitive information about employees, is one of the key HR areas to be affected. But, unfortunately, some questions payroll departments have about the GDPR remain unanswered. Chris Cook, Partner and head of employment & data at SA Law, says "if payroll messes up on a data breach, current law gives you discretion on whether to report it to the individuals affected and the Information Commissioner's Office (ICO), but the GDPR requires you to notify the ICO at the very least".