When handling personal information about employees, private sector employers haven’t had to concern themselves too much with obligations imposed by the Privacy Act 1988 (Cth) (Privacy Act) because of the application of the ‘employee records exemption’. However, for organisations that handle the personal information of European based employees, the forthcoming European General Data Protection Regulation (GDPR) will impose one of the highest standards of data protection in the world when it came into effect in 25 May 2018.  It raises many complex issues for organisations and payroll functions who operate in a global environment, and is backed by heavy fines of up to 4% of annual turnover and other regulatory ramifications for non-compliance.