Submit An Inquiry

Global Payroll Resources

Managing the Impact of GDPR on Remote Workers

Sep 6, 2018  | Tag: Compliance

The General Data Protection Regulation has been in effect since May; however, the full impact and implications of GDPR are still to be seen and understood. Although companies around the world have been preparing for the new regulations for years, it is estimated that as many as 80% of affected organizations will fall short of the legislation’s data protection requirements. So it’s important to continue assessing risk and making necessary changes to ensure compliance.

The implications of GDPR on remote workers is an area of unique concern, and one that likely didn’t receive the same attention as in-office employees. As the rate of remote, flexible, and contingent workers is on the rise, however, companies will benefit from investing time in understanding the associated risks and putting policies in place to mitigate them.

It’s Complicated

Defining and addressing the specific risks around remote workers remains a challenge, not only because of the broad reach of GDPR but also because many of the finer details are yet to be clarified. For example, what is the responsibility of a US-based organization collecting or processing the data of an EU citizen who lives and works in America? What happens when that individual travels to the EU for a visit and works from a laptop or just checks work email on their phone?

It’s impossible to foresee and plan for every variation of this scenario, which really means that to maintain compliance with GDPR, companies must account for all possibilities. Three aspects of remote working, in particular, must be addressed to adequately manage risk and also demonstrate to regulators that your organization has taken necessary steps to meet requirements.

1. Device Security

Incredible advances in technology have made it possible for colleagues in different parts of the world to collaborate as if they’re in the same room, enabling increasingly more employees to regularly work from home or while traveling. Despite the many benefits for both workers and employers, remote working arrangements invariably increase risk when it comes to data security.

Laptops, tablets, and phones used remotely aren’t always protected by the same security measures in place within an office. These devices are also at a higher risk of being lost or accessed by unauthorized users—at which point, because the device is not physically present, determining the time, extent, and method of any data breach can be exceedingly difficult. Companies can reduce the risk to protected data by using encryption and remote management of devices, including mobile phones. Additionally, all devices should be kept up to date with the latest software, particularly company-installed anti-virus software. For essential functions like HR and global payroll, using a cloud-based system, in which personal data is managed from a central database rather than on individual devices, can help ensure critical information stays protected. Such systems also allow for granular access controls by user function, business need, and even location—which can significantly reduce the risk of data exposure in remote devices.

2. Information Management

In the lead-up to GDPR, it’s likely that your organization issued updated guidelines for information management within your office. Everyone probably completed a formal training on the new procedures, whether in a group setting or independently online. However, it’s equally unlikely that the new guidelines fully accounted for the challenges of managing important data outside of the office.

To account for the inherent risks in managing protected data remotely, it’s crucial for organizations to set clear guidelines around what information should never leave a secure environment and to establish access permissions that support those policies. Every worker should have easy access to a written security policy that explains the responsibilities of employees and clearly states what they are and are not allowed to do regarding data—and all workers should verify that they have read and understood the policy.

Animated Podcast Banner

3. Policy Awareness

Key to understanding—and thereby abiding—company policies in support of GDPR compliance is being aware of the legislation and its scope. While everyone impacted surely knows the basics of GDPR, it’s a different expectation that every employee will understand why compliance with the legislation is so important. For companies and employees within the scope of GDPR, the control individuals now have over their personal data is unprecedented in the digital age. And it benefits both workers and their employers if everyone fully understands their rights and responsibilities under GDPR.

Within the office setting, compliance goals can be embedded into the company culture by enforcement of a clean desk policy or even visual reminders throughout the office, so that compliance becomes an automatic consideration of employees. Remote workers, however, don’t get the benefit of those reinforced cues. And for employees who travel often, the additional security concerns around moving data and devices through public spaces probably aren’t discussed in the office. For remote or contingent workers who are new to the company, GDPR awareness may be as minimal as an onboarding slidedeck.

Consistency for Compliance

The way to achieve a compliance mindset for all employees, especially those working remotely, is for companies to adequately, consistently express the importance of data security. Putting the right access and management controls in place is essential, but reaffirming the significance of them is equally important. For companies using an optimized cloud-based payroll system with configurable workflows and traceability measures, compliance cues can become part of the process for all workers using the system.

The language of GDPR has brought about a sea change in how companies and individuals view personal information, data protection, and even consent. Helping employees understand what that change means in terms of how their own information is collected and processed in various areas of their life can also help them better understand the need to adhere to compliance policies at work—wherever that work may take them. Through ongoing review and training, and by implementing systems that affirm compliance measures and prioritize data security, business leaders and managers can help their workforce better support compliance needs for GDPR and any regulations to come.



Recent Articles

CloudPay to Spotlight Link Between Payroll & HR Tech at CIPP Conference

NEW YORK and LONDON, Sept. 12, 2019 WHO: Leading multinational payroll provider CloudPay WHAT: Will present “Integrated

Getting the Most from Your Payroll-HR Workflow

The successful management of a global workforce relies on fluid, organized interaction between human resources and

Why Your Payroll Provider Matters

For a function so integral to the success of any organization, payroll doesn't get a lot of attention outside of the

The Cost-Saving Side of Payroll Integration

When it comes to selecting and optimizing technology solutions for core business operations, decision-makers often

What Payslips Look Like Around the World

Probably the most eagerly awaited document in any company, the payslip can be a herald of good tidings like a pay

About CloudPay

next generation payroll analytics

Next Generation Global Payroll Analytics: Your journey to building process transparency and making payroll a catalyst for improved business performance.

global payroll implementation

Global Payroll Implementation: A comprehensive guide to building a business case, selecting a solution and successfully deploying global payroll.

building a business case for global payroll

Building a Business Case for a Global Payroll Solution: Learn how to build a benefits-driven business case for a change in global payroll.

Unlock the
Possibility in
Your Payroll

Whether you manage payroll in five countries or 50, you need a global solution that ensures compliance beyond borders and insights that will move your company forward.

Contact Us Today