How Payroll needs to change with GDPR

The 2018 General Data Protection Regulation seeks to standardize, control, and protect the personal data of EU residents in and outside Europe. Indian companies that handle data of EU residents are affected by this regulation and need to institute frameworks for data protection in order to stay compliant with GDPR. Non-compliance can lead to hefty penalties up to 20 Million Euros (or 4 percent of the global turnover).

The inherent complexity and data heavy nature of payroll services mean that small slips in compliance can turn into costly mistakes.

What it means for your payroll management system

Data Protection Officer

In India, according to the Companies Act, 2013, the Boards and Directors of Indian companies are responsible for signing off legal and GDPR compliance. Every Indian company that handles personal data of individuals is required to employ a Data Controller or Data Protection Officer with clearly defined roles and responsibilities.

Data controllers and data subjects

GDPR mandates that data controllers (employers, in the case of payroll services) should obtain consent from the data subject (employees) to process personal data. Employers are required to give employees full visibility of the data held about them.

Third party data processors

When an employer uses a third party data processor, both the employer and the processor are jointly accountable for GDPR compliance. This includes third party partners for data storage, management and marketing. It is therefore important to look for accredited organizations with trusted security credentials when choosing an outsourcing partner.

Employee rights

GDPR accords rights to data-subjects / employees around different aspects of data usage. For instance, in the event that an individual chooses to delete his data, they are protected by the right to be forgotten. If an employer breaches the GDPR laws, employee has the right to restrict processing. It is the onus of the employer to communicate to employees about the scope of information and rights they are entitled to under the new law.


Lastly, training payroll and compliance professionals to adapt to the changing regulatory landscape is essential. Compliance is never a one-time task. Setting the foundation strong can help you stay ahead of the regulatory curve.

Related articles