White Paper: Understanding the new General Data Protection Regulation (GDPR)


The new General Data Protection Regulation (GDPR) comes into force on Friday 25th May but what do you need to know and what steps should you be taking? Don’t be fearful of the looming deadline. The most important thing is that you can demonstrate you are taking steps towards compliance when the law changes.

Why and how is the law changing?

This new privacy law replaces the Data Protection Act (DPA) 1998. At 20 years old, the old laws are well past their best. Technology has evolved at such a fast pace that these new regulations are necessary to align the tech with the law.

The new regulations are not a complete change; rather, they are an evolution of the existing laws. Indeed, many of the GDPR’s main concepts and principles are much the same as those in the current DPA, which you should already be complying with. These principles remain valid under the GDPR, so you should already be on the path to full compliance. There are, however, some improvements and new elements to consider, and you may therefore need to make some changes and take some additional steps.

The main concern is how personal data is collected, processed, stored and shared. Personal data is any information that can be used to identify a person. This could be anything from name, contact info, religious beliefs and even information on cultural background and mental health history.

How does it affect you and how do you ensure that your business is compliant?

The new GDPR affects any business that collects and stores customers’ personal data. You will need to make sure that you manage your data in a way that is lawful, fair, secure and accurate. Only data that is absolutely necessary for the completion of business duties should be held and processed. It may be necessary to appoint a ‘Data Protection Officer’ who will be responsible for all internal record keeping. If there is a data breach, this must be reported within 72 hours of becoming aware of the breach. You will also need to ensure your terms and conditions and privacy policy are up to date, adequate and clearly visible.

So What Steps do you need to take?

According to the Information Commissioner’s Office (ICO), there are 12 steps that businesses need to take to prepare for the implementation of the GDPR into UK law:

  1. Awareness: Ensure that decision makers and key people in your organisation are aware that the law is changing to the GDPR.
  2. Information you hold: Document what personal data you hold, where it came from and who you share it with.
  3. Communicating privacy information: Review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.
  4. Individuals’ rights: Check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.
  5. Subject access requests: Update your procedures and plan how you will handle requests within the new timescales and provide any additional information.
  6. Lawful basis for processing personal data: Identify the lawful basis for processing activity in the GDPR, document it and update your privacy notice to explain it.
  7. Consent: Review how you seek, record and manage consent and whether you need to make any changes.
  8. Children: Assess whether you need to put systems in place to verify individuals’ ages and obtain parental or guardian consent for any data processing activity.
  9. Data breaches: Ensure you have the right procedures in place to detect, report and investigate a personal data breach.
  10. Data Protection by Design and Data Protection Impact Assessments: Familiarise yourself with the ICO’s code of practice on Privacy Impact Assessments and the latest guidance from the Article 29 Working Party, and work out how and when to implement them in your organisation.
  11. Data Protection Officers: Designate someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure and governance arrangements.
  12. International: If your organisation operates in more than one EU member state, determine your lead data protection supervisory authority.

For more resources for preparing your organisation for the upcoming changes to the data protection law, check out the ICO’s Guide to the GDPR.

What happens if you don’t comply?

The important thing now is to make sure you can demonstrate that you are actively taking steps towards compliance. Non-compliance comes with a hefty fine which could be up to 4% of your company’s annual global turnover. You will also be breaking the law, which isn’t the best idea for the reputation of your company. Customer loyalty will certainly be adversely affected if you are fined for non-compliance. Remember, if you hold or process any personal data of any citizen of the EU then you are compelled to comply with the GDPR, even if your business is based outside of the EU.

Zegal can help you prepare.

So are you ready for the biggest change in data privacy regulation in 20 years? Remember, it is your responsibility to demonstrate your compliance with the new regulations.

Zegal can help you keep ahead of the regulations. Our document library has been updated with lawyer-reviewed changes to ensure GDPR compliance. These documents now include clauses which are relevant to the GDPR.

  • Privacy Policy: to inform your customers what you do with their personal data
  • Information Audit Form: to help you map data flows in your organisation
  • Security Audit Form: to let you document your technical and organisational measures to ensure data security
  • Data Processing Addendum: to ensure your existing data processors comply with applicable data protection laws
  • Employee Privacy Notice: to inform your employees and contractors of their privacy rights
  • Letter to Amend Employment Contract: to bring employment contracts already in place in line with data protection requirements

We also have some new documents available to help you address GDPR requirements (available to all Professional and Premium Plan users):

  • Data Processing Addendum to ensure your existing data processors comply with applicable data protection laws
  • Privacy Notice for Employees and Contractors to inform your employees and contractors of their privacy rights
  • Information Audit Form and Security Audit Form to help you map data flows in your organisation

Click here to learn more about our GDPR compliance toolkit.

If you have questions or concerns about how your information is handled by us, please contact us at privacy@zegal.com

5 Stress Management Tips to Avoid Employee Burnout


Stress in the workplace is common and usually expected, especially if your employees have to keep up with a deadline and put in more hours just to get the work done on time. However, if this has become an everyday thing, the work environment could prove to be toxic and unhealthy overall.

Constant stress and overwork can eventually lead to burnout, which is good for neither the employee nor the company itself. When employees are burnt out, they will have no room to think of new ways to improve their craft or even think about how to streamline office processes – all they will ever worry about is how and when to get the job done fast.

The office will be a constant humdrum of beating deadlines and rendering the same, mediocre output. Creativity and innovation will be placed in the backseat. Worse, the stress will eventually take a toll on your employees. Productivity and contentment in the workplace will go down, and this will reflect badly on the company culture and performance.

To ensure that your employees remain productive and happy, it is best to find ways to manage stress in the workplace. It could be as simple as allocating an hour for yoga and exercise once a week or encouraging them to take a wellness leave once in a while. Below are five more tips that you can follow:

1. Provide more work flexibility

Allow your employees to get out from the four walls of their office cubicle and work from home or somewhere else. You can implement this once a week (like “Work from Home Fridays”) or for just half a day once a week.

Allowing them to go out and work at home or in a cafe can give them a much needed creative boost and lessen their stress levels significantly, because work environment and ambiance are also major factors in stress.

You may also allow flexible working hours. For example, employees can come in at a later hour as long as they still put in the required work hours, or even leave early if they have no other pending tasks for the day. This allows them to have more time to relax, unwind and recharge before going back to the daily grind the next day. It also allows them to avoid the rush hour, when their stress levels can rise even before they reach the office.

2. Maintain strict work hours

Work hours should still be consistent, and once the employee punches out or logs off, avoid calling, texting or emailing them about work-related stuff. Allow your employees to completely zone out from anything work-related until they log in again on the next working day.

Constantly bugging your employees about work, even while they are already at home or out on a vacation, will certainly burn them out quickly. The stress and worry can certainly ruin a relaxing evening at home or a once in a lifetime family occasion. Employees will feel trapped by the revolving workload, which prevents them from having a good work-life balance.

3. Review your processes and streamline them

One of the sources of stress in the workplace is unclear job positions, tasks and processes. When some people on the team don’t know who’s going to work on what, then there is an internal problem. When employees also don’t know where to go when they have issues or need clarification, then there is certainly an organizational problem.

You have to review and reorganize your corporate structure and streamline work processes whenever possible. Make sure each person on the team knows what their actual responsibilities are, and that they have a set of tasks that they are expected to complete each day/week/month.

With a clear and organized structure and work instructions, employees can easily focus on their main priorities and on delivering them at the pace they are most confident with – not just randomly finishing whatever task is handed to them at the last minute.

4. Promote a healthy lifestyle

Aside from getting in good shape, exercising can do wonders for one’s mental health. It can improve overall mood since it boosts serotonin levels in the brain (which helps alleviate depression) and can give extra energy to a rather slow day at the office. Some offices now offer a mini gym – or at the very least a yoga corner for that much needed stretching and meditative break in the office.

Exercise can help employees relieve stress and frustration at work, and it helps if they don’t need to go far just to have space for such activity. Nap rooms are also great, because aside from exercise, substantial amounts of rest are also part of a healthy lifestyle. Google, for example, allots a place for employees to take a nap in.

5. Encourage open communication

Last but not least, encouraging your employees to voice their concerns with the company can help lessen the stress they experience at work. Employees can take comfort in the fact that someone in the company cares about them, and that they can voice their concerns without fear of retaliation. However, always remember that communication is a two-way street. Aside from letting them voice their concerns freely, make sure that you actually listen – and take action whenever necessary.

Of course, another obvious tip is to avoid creating unreasonable expectations and deadlines for your employees. Too much pressure is the last thing any employee needs, for this will not only increase stress, but will also push them to do mediocre work instead (just to meet the required deadline). So be reasonable. Allow them some fair time to craft quality work, but make sure they don’t have too much time to slack off as well.

Start managing your legal needs with Zegal today

This is a guest post by Gemma Reeves of FindMyWorkspace. The views expressed here are the author’s, and Zegal may not necessarily subscribe to them. You, too, are invited to share your point of view. Learn more about guest blogging for Zegal here.

Author Bio

Gemma Reeves is a seasoned writer who enjoys creating helpful articles and interesting stories. She has worked with several clients across different industries such as advertising, online marketing, technology, healthcare, family matters, and more. She is also an aspiring entrepreneur who is engaged in assisting other aspiring entrepreneurs in finding the best office space for their business.

Check out her company here: FindMyWorkspace

Managing Payroll In A Merger Or Acquisition

Mergers and acquisitions are part and parcel of the business world. However, any merger or acquisition can have a significant impact on internal processes.

While most of the responsibility lies with top management to ensure a smooth transition through the organizational changes, the HR department also has a key role in ensuring that employees are kept up to date with the changes.

In addition to the human aspect of mergers and acquisitions, payroll can also have a major impact on how successful a merger or acquisition will eventually turn out in the long run. The key here is to ensure that any changes in payroll are in line with organisational changes. Here are some ways to execute payroll during a merger or acquisition without overlooking due diligence.

1. Assess the payroll situation

A merger or acquisition need not be a messy or complicated affair. Instead, understand what the payroll process is like for the organisations involved. There could be a chance that the organisations involved might be using the same payroll software. Additionally, with the advancement of payroll tools and cloud-based payroll software, merging employees’ data or payroll information together might not seem as nightmarish as before.

2. Have a payroll execution plan

Tasks will not be completed without a timeline in place. Ensure that there is a payroll execution plan, with specific deadlines and a timeframe for achieving each task. At the same time, ensure that everyone involved in the payroll execution or migration plan is aware of these timelines.

3. Have a payroll representative on the M&A team

The last thing you want is to surprise the organisations involved in terms of the management of payroll processes or number of payroll vendors. Having a payroll representative in the merger and acquisition team is a great way to ensure that the organisations involved are aware of the potential costs involved as well as the need to manage the expectations and contracts with these external vendors.

4. Back up all payroll data

Given that payroll data will be migrated and merged, it is imperative for all data to be backed up before integrating it with the involved organisations. Alternatively, organisations can engage external vendors to help with the data integration, to ensure that important and confidential payroll information is not lost.

5. Keep the employees informed

The last thing that organisations should do is to keep employees in the dark. After all, mergers and acquisitions are likely to impact employees the most and there are bound to be a lot of insecurities within the organisation. Help the management team to ensure a smooth transition by keeping employees informed of successful milestones, regardless of whether they are minor or major ones. This can help to build confidence and trust among the employees at the same time.

Mergers and acquisitions are bound to create tension and uncertainty within the organisation. Additionally, with the integration of multiple processes ongoing at the same time, due diligence and compliance issues may be overlooked at certain times. Given that payroll is also a crucial part of the integration process, it is imperative to have a plan in place to ensure a smooth transition and contribute to the organisational growth in the long run.

This is a guest post by RenQun Huang of Gpayroll. The views expressed here are the author’s, and Zegal may not necessarily subscribe to them. You, too, are invited to share your point of view. Learn more about guest blogging for Zegal here.

About Gpayroll

Gpayroll is an easy to use, self-run online payroll service that will redefine and revolutionize the payroll industry. Its intuitive and automated system will help business owners focus on their core business without the hassle of managing payroll.

Is AI Taking Over Payroll?


Payroll is indisputably the most data-intensive aspect of Human Resources (HR). Every payroll cycle demands one hundred percent accuracy, timeliness and seamless coordination of every payroll process – from updating employee bank records and salary data to disbursement of wages to employees.

This has driven many organisations to invest in HR technology solutions, automating mundane and administrative HR tasks such as salary calculations and recording employees’ working hours through punch cards. Today, payroll software is capable of managing complex HR processes such as collating the organisation’s payroll data, calculating the correct wages for each employee, including tax deductions and overtime, as well as generating detailed payroll reports for analysis.

While there are several facets of HR that would still require a human interface, there is still process automation in other HR areas such as HR analytics and compensation and benefits. Essentially, automation and analytics have transformed HR from an administrative facilitator to a strategic business partner within the organisation.

Following automation and analytics of HR processes, robots – or Artificial Intelligence (AI) – are considered the future of HR. As mentioned by Infosys’ executive vice-president and head, HR, Richard Lobo, AI is “slowly making inroads into HR and one of the forerunners are chatbots”. Broadly defined, chatbots are programmed to conduct online conversations with users via auditory or textual methods for various purposes including customer service helpdesk or information acquisition.

In the HR context, these chatbots are ideal forms of technology that serve to provide a better employee experience. These chatbots can help address basic employee HR requests instead of having HR personnel physically present, allowing the HR department to save on time and resources.

On the other hand, there are rising concerns that AI might very well take over the entire payroll process. According to a white paper titled The Future of Employment: How Susceptible Are Jobs To Computerisation?, the probability of payroll and timekeeping jobs being computerized is a high 97 percent.

While technology is suited to circumstances whereby the inputs and outputs are known and clear, there are two distinct aspects that AI is completely unsuited to – the unexpected and data.

Technology, regardless of how sophisticated and brilliantly designed, will not be able to respond well to sudden changes and spikes in demand. Humans, on the other hand, have the advantage of responding quickly and adapting to unforeseen circumstances.

For instance, should there be the need for ad-hoc salary payments outside the typical salary cycle, human HR professionals will be able to act outside standard procedures to ensure that the software is able to cater to the unexpected circumstances.

Outputs of payroll software and technology are also heavily reliant on the data provided. Payroll software might have difficulty interpreting any data that is outside of the specified programmed examples.

One example is that wrong payroll entries made by payroll staff into the system will result in employees not being paid accurately or on time. The payroll system is unable to pick up such minor errors. Human HR professionals, however, are able to interpret payroll data with the context in mind and make appropriate judgement on the validity of the data. Simply put, the payroll software can only identify what is right or wrong – whether the decision fits the context of the situation is ultimately decided by the HR professional.

Finally, one thing that technology lacks is the good old human touch. When employees have queries regarding something sensitive such as payroll, employees will want to talk to a real person. Even sophisticated chatbots cannot replace the “human” element of HR.

Despite growing wariness on the complexity of payroll software, HR professionals should regard it with positivity nonetheless. AI, when well used, can work harmoniously to achieve HR goals for both employees and the organisation.

This is a guest post by RenQun Huang of Gpayroll. The views expressed here are the author’s, and Zegal may not necessarily subscribe to them. You, too, are invited to share your point of view. Learn more about guest blogging for Zegal here.

Strictly Confidential? You need a Non-Disclosure Agreement


By its very nature, conducting business requires fluid and comprehensive communication. There are many situations where sharing private and confidential information can be crucial. This could be with an individual such as an investor or an entire company as part of a business to business negotiation. So how do you ensure that your confidential information is protected? A Non-Disclosure Agreement (NDA) can safeguard this confidential information. It ensures that the other party fully respects your confidentiality and agrees not to disclose any information that has been shared. After all, the most valuable assets a business has are its deepest secrets!

What exactly is an NDA?

Also known as a Confidentiality Agreement, an NDA is a legal contract by which a party agrees to keep information confidential. By signing this agreement, the receiver agrees not to disclose, use or exploit confidential information. The NDA will also specify the purpose of disclosing the information in the first place and how long the confidentiality obligations will apply.

When should you sign an NDA?

Broadly speaking, an NDA is a good idea whenever you are considering sharing valuable information about your business. It is crucial to ensure that the other party doesn’t take the information and either use it as their own, or use it in their own way without your approval.

An NDA ensures that all parties are agreed as to how information is to be treated. In turn this strengthens the confidential business relationship whilst also protecting proprietary information and trade secrets.

When would I need to share confidential information?

A company or individual should always evaluate any potential business relationship or partnership before agreeing to do business. If you are in talks with investors or manufacturers, for example, then a certain amount of confidential information will need to be shared in order to fully understand what a business transaction would involve. Obtaining intelligence on each other’s business models and processes may be necessary before signing on the dotted line. Full disclosure, however, means that measures must be taken to ensure the information remains solely between the parties involved.

When you are starting out, you may have to tell people about your business idea to get advice from various experts such as banks, accountants, insurance brokers or marketing agencies. Don’t ever assume that such conversations with advisers are automatically confidential.

What are the different types of NDA?

An NDA can either be one way or mutual. A one way or unilateral NDA is required when an individual or business shares information with another party and the receiver agrees not to disclose the information. A mutual NDA is when both parties are sharing confidential information with each other and therefore both need to agree to maintain confidentiality.

Some employee agreements may also include an NDA clause. In this case, the employee agrees not to use or share confidential information that is owned by the company.

How long does an NDA last?

The length of the agreement should be included within the document. After this time, the information may be used or disclosed. However, once the information is launched into the public domain, the NDA is no longer enforceable.

What should be included in your NDA?

Most importantly, you must identify and clarify the information that should be included. This involves defining what exactly is confidential and needs to be protected. Examples of types of information that could be protected under an NDA include ideas for a new website, innovations, strategies, software programmes, manufacturing processes, and designs or information relating to finances and customers. The NDA can also state that any information shared in presentations and meetings is similarly protected. Make sure you include very specific information about any proprietary information and include examples. Define this as narrowly as possible but at the same time keep it concise. You should also clearly list exclusions from the definition of confidential information.

The NDA should also define the obligations of the party receiving the information. Mainly this obligation is to protect the secrecy of the confidential information as if it were their own. This also includes not influencing others to acquire the confidential information by improper means.

The specific dates for the NDA must also be outlined. You must clearly state the start and end date for when information may be exchanged between the parties. The NDA should also define a time period during which the Receiver is obligated to maintain confidentiality of the information.

Final Thoughts

An NDA can only be effective if it has been agreed upon and signed. It is simply unenforceable until this takes place and does not offer you any protection. It is crucial that signing takes place BEFORE you share any confidential information. Also, ensure that the right person with the correct authority signs the NDA such as a company director or a senior employee who is a decision maker.

Don’t just rely on an NDA to protect your information. An NDA is an effective measure and its very presence reinforces the fact that the information is sensitive, thus reducing the risk of disclosure. However, you should take additional steps to protect your confidential information. Consider setting up information security policies. These could be physical protection of information, i.e. keeping it under lock and key, and also ensuring your information flow is on a need-to-know basis.
