The European General Data Protection Regulation (EU GDPR) that becomes effective on May 25, 2018 is intended to advance personal data and privacy protection for European Union residents. EU data protection law provides data subjects with a wide array of rights that can be enforced against organizations that process personal data. These rights may limit the ability of organizations to lawfully process the personal data of data subjects, and in some cases these rights can have a significant impact upon an organization’s business model. In anticipation of the enforcement date, Paylocity is hard at work implementing a comprehensive compliance program.

 

Paylocity acts as a “Processor” to its customers who are “Controllers” of “Personal Data” of people in the European Union (EU), as these terms are defined under the GDPR. As a provider of cloud-based payroll and human capital management solutions, we process personal data on behalf of our clients that may have employees all over the world. Our clients are the controllers of data. They instruct us regarding the personal data that we process. All organizations that act as controllers are directly affected by the rights afforded to data subjects. Organizations that act as processors are affected to a lesser degree, but should still be aware of these rights.

 

The GDPR ensures greater protection of personal data for EU individuals. It includes a comprehensive definition of “personal data” as any information that can be used to identify someone. Further, the GDPR empowers EU consumers by giving them rights to, and control of, their data, and by requiring anyone processing this personal data to better protect it. Some of the fundamental rights of these EU individuals include the right of access to their personal data, the right to rectification of this data, the right to be forgotten (erasure), the right to restrict processing, the right to data portability (and to receive copies of the data)  and the right to object. If you want to know more about the tools we have available at Paylocity that allow you (as a data controller) to meet the data subject rights under GDPR please contact us at privacy@paylocity.com.

 

For a comprehensive look at Paylocity’s Guide to the General Data Protection Regulation, click here.

 

To understand how Paylocity is applying a comprehensive compliance program, click here.