As software advances and personal data is leveraged in more sophisticated ways, it becomes increasingly important to ensure that the privacy of individuals is respected. As a leader in Human Capital Management, Ceridian wants to provide tools to meet your privacy needs. As such, the requirements of regulations such as GDPR are top-of-mind for us.
The General Data Protection Regulation (GDPR) regulates the collection, use, and sharing of European personal data. “Personal Data” has a broad definition, covering any information relating to an identified or identifiable individual.
The regulation affects any organisation that processes European personal data, regardless of whether the organisation maintains a presence in the EU. Companies that have North American offices, for example, that offer goods and services to the EU, or who have employees in the EU, are affected.
For those organisations that are affected, a proactive approach to data management and accountability is required. Evidence of compliance with privacy and security requirements must be documented, and mandatory breach notifications should be sent out when necessary. Large fines of €20 million or 4% of annual worldwide turnover (whichever is higher) can be applied to organisations that are found to be in noncompliance.
Among other things, under GDPR, to process personal data, organisations must:
Please refer to the Customer Due Diligence portal for more details.