According to the 2019 Global Payroll Complexity Index, data, and particularly the protection and security of data, is now the primary concern for the industry. As the report notes, “Payroll holds the key to business success. It’s the value in payroll data that makes it incredibly high risk.” That payroll professionals are concerned about protecting this valuable resource is therefore hardly surprising. A survey of payroll professionals found that:
On average, HR and payroll departments spend approximately 36 hours per week on compliance-related activities ranging from tracking regulatory proposals to creating and communicating new policies – enough work for a dedicated full-time employee.
Organizations with fewer than 500 employees average 23 hours per week on compliance duties, while those with 500-999 employees average 31 hours per week. It increases to 36 hours per week for organizations with 1,000-2,499 employees.
What are the three main areas of concern?
“The results of the Global Payroll Complexity Index confirm that in 2019, multinational organizations continue to be challenged by managing growing volumes of employee data, adhering to data privacy regulations, and staying compliant in a world of unique employment and taxation compliance regulations across the globe,” explained Mary Holland, Global Director of Strategy, Development and Training at the Global Payroll Management Institute (GPMI) and the American Payroll Association (APA).
To anyone working in global payroll, the results of the survey will come as no surprise. GDPR is a game-changer, the increasing volume of data brings with it greater security risks, and new labor regulations arrive in a constant onslaught; together these present payroll professionals with a herculean task. Today I want to look at each of these areas in a little more detail and then examine how Immedis is working hard to help global payroll tackle each concern.
GDPR, and how it is changing Europe’s data protection laws, is arguably one of the most significant impacts on the payroll industry in recent memory. The regulation governs not just what data can be held, but also where, by whom, and for how long. What is also hugely significant for global companies is that GDPR applies not only to businesses and organizations within the EU, but also to businesses and organizations outside of the EU if they provide goods or services to individuals in the EU or if they monitor the behavior of EU data subjects. All companies, regardless of where they are located, that process or hold personal data of individuals residing in the EU are accountable and must be GDPR compliant.
Organizations that fail to comply with GDPR face reputational damage and fines. According to the recent report, data protection regulators have imposed EUR114 million (approximately USD126 million / GBP97 million) in fines since May 2018.
The unique and sensitive nature of employee data means that organizations are under extreme pressure to ensure they do not fall victim to hackers. Such a breach causes potential problems for employees, and it also puts the company at risk of reputational damage and legal action.
One of the recent examples of such a violation occurred in April when American education technology company Chegg experienced a data breach where hackers stole 700 records containing both past and present employee information such as names and Social Security Numbers.
Keeping up to date with changing legislation is one of the greatest challenges faced by payroll professionals. Again, this is hardly surprising given the high frequency of changes in the laws both local and international. From the 2019 Global Payroll Complexity Report, we know that while European countries still top the list for most complex reporting, the growth economies of South America, Asia, and Africa mean countries in these regions are starting to make more changes to their laws which will further impact the task of payroll.
How can payroll best manage these challenges?
One response is to move to a unified global payroll provider. While the many capabilities of a single payroll system extend beyond ensuring compliance, the fact is they can significantly alleviate compliance concerns.
The cornerstone of GDPR compliance is ensuring the protection of your data. Payroll must be able to answer the following questions:
- What data do you hold?
- Where do you keep this data?
- Why are you holding onto this data?
- How secure is it?
When reviewing different payroll vendors, take the time to discuss each of these questions with them to ensure each has the capabilities to meet your data obligations. The Immedis Platform protects your data through multiple measures, including encryption and the ability to separate data from its subject so that the information is held separately, adding another level of security and privacy.
Protecting your data is critical. However, a global payroll platform that comes with an ISO quality certification offers security. In particular, the ISO 27001 certificate is recognized as the international standard for information security management. Here at Immedis, we take the issue of security very seriously. We are ISO certified, which means we run monthly internal audits and complete biannual external audits to ensure conformance. We also implement a rigorous control framework: every action on the Immedis Platform is user stamped, dated, and timed. We regularly review and update security policies. We also provide security training to employees, perform security testing, monitor compliance with security policies, and conduct internal and external risk assessments.
Staying current with payroll legislation is a behemoth task. The risks and financial consequences of failure to do so are equally immense. There is help. Deloitte highlights the advantages of a global service vendor: “A global service vendor offers a unique solution for the tax and social security compliance-related issues by providing payroll services for most countries across the globe.” An additional benefit is that getting updated information on amendments, particularly regarding local laws, and connecting with several vendors are taken care of by a single vendor. Immedis has extensive international and cross-border payroll expertise and provides ongoing updates on local legislative changes and their impacts on employees.
We are happy to demonstrate how the Immedis Platform is helping other customers to deliver on payroll compliance. To learn more about our global payroll solution, start today by watching the webinar “Global Payroll Reporting: What Good Looks Like”.
I want to thank Margaret Corrigan from the Taxback Group for her contributions to this blog post.