GDPR Compliance

Learn how we comply with the General Data Protection Regulation (GDPR) and how it affects you.

What is the GDPR?

The General Data Protection Regulation (GDPR) is a data privacy law that standardizes data protection across the European Union. Implemented on May 25, 2018, GDPR aims to give individuals greater control over their personal data while enforcing stricter security measures on businesses handling such data.

Companies that fail to comply with GDPR regulations can face fines of up to €20 million or 4% of global turnover.

Any business collecting, processing, or storing the personal data of EU citizens, regardless of its location, must adhere to GDPR guidelines.

How GDPR Affects Our Customers

Our Payroll SaaS platform provides secure and automated payroll services, which means we process sensitive employee data on behalf of our clients. Under GDPR:

  • We are classified as a Data Processor – responsible for handling your employees’ payroll data.
  • You, as our customer, are the Data Controller – responsible for ensuring compliance in how data is collected and used.
  • Your employees, whose data is processed in our system, are the Data Subjects – having rights over their personal data.

Your Responsibilities

As a Data Controller, you must ensure your payroll data processing aligns with GDPR regulations. We recommend the following steps:

  • Maintain an inventory of personal data (e.g., employee records, tax details).
  • Educate employees on GDPR best practices and compliance requirements.
  • Determine if you need a Data Protection Officer (DPO).
  • Ensure that data processors (like our Payroll SaaS) comply with GDPR.
  • Be prepared to address data subject requests, such as access, rectification, or deletion of personal data.

Our GDPR Compliance

We prioritize data security and compliance with GDPR by implementing industry-best security measures, including:

1. Secure Infrastructure

  • Our core network is hosted on Amazon Web Services (AWS) with redundant availability zones.
  • All stored data is encrypted using AES-256.
  • We enforce HTTPS connections for all interactions with our platform.
  • Firewall policies strictly control access to our core infrastructure.

2. Internal GDPR Policies

  • Maintaining a detailed inventory of all data stored and processed.
  • Documenting data flows to track where information is stored and who has access.
  • Regular employee training on data security and GDPR compliance.
  • A Rapid Response Protocol for handling potential data breaches swiftly.

3. Compliance Transparency

  • Regular audits to ensure GDPR compliance.
  • Updated Terms & Conditions and Privacy Policy reflecting GDPR guidelines.
  • Publishing a Security Document detailing our security practices.

Contact Us

We take data security seriously and welcome any inquiries regarding our GDPR compliance. If you have any questions or require more details, please reach out to us:

Last updated: March 2025. You can view and download the full General Data Protection Regulation (GDPR) document here.