Ceridian intends to be fully GDPR compliant by the enforcement deadline of May 25, 2018. We will comply with GDPR by taking a proactive approach to data management, committing to industry best practices, and promoting our purposeful approach to data stewardship.
Ceridian has undertaken an enterprise-wide initiative to prepare for the enhanced data protection requirements. Our project is a strategic initiative that has been approved, sponsored, and funded by Ceridian’s executive team, as well as our Privacy subject matter experts who are driving requirements in partnership with a cross-functional team. Program oversight is being provided by the Enterprise Risk team.
The full life cycle of data protection requirements is addressed. Key areas of focus include:
Honoring Data Subject Rights: Establishing a formal request and complaint process that considers our customers’ role under the law.
Privacy by Design and Default: Expanding the privacy department’s already existing relationship with product management and IT to the organization at large.
Defined Recordkeeping Processes and Procedures: Documenting data inventories and data maps, policies, standards and processes.
Updated Breach Notification Procedure: Adapting current processes to take into account our customers’, as well as our own, obligations under the law.
3rd Party Due Diligence: Preparing a list of EU vendors and updating contracts as needed.
Cross Border Safeguards: Confirming that our existing approach remains effective under GDPR.
Training: Ensuring our employee and vendors understand their obligations under the law.
Compliance activities have been documented and while most of the documentation is confidential, Ceridian is preparing client facing materials to assist clients with their due diligence needs. Ceridian currently has available a Customer Due Diligence Website where customers can learn more about Ceridian’s data protection program and controls and where compliance documentation can be found. This site will be updated as the effective date of May 25th approaches.
Please refer to the Customer Due Diligence portal for more details.