Is the emailing of payslips permissible under GDPR?
There is nothing in the GDPR that states it is no longer permissible to email payslips, this practice is still very much acceptable. The thing to keep in mind in relation to emailing payslips is to ensure that all appropriate security measures are in place. The payslips that are emailed from BrightPay are encrypted and deleted from our servers once sent, however it may also be prudent of a processor of the payroll to password protect the payslips also. It will be the responsibility of the Data controllers (employers) to be vigilant that correct email addresses are inputted.
Can I still use my hard-earned mailing lists after May 25th?
Not automatically - the GDPR states that to be able to ‘Lawfully Process’ personal data you must be able to fall into at least 1 of the 6 processing classifications, the first one being Consent. Consent must be:
• Specific, informed, unambiguous, and freely given – there must be evidence that clear affirmative action has been given.
• Must be for a specified purpose
• Where consent is obtained as part of a larger document covering other things, consent text must be clearly distinguished from everything else
• Evidence needs to be retained as to how the consent was obtained. For example; forms, brochures signage, website screenshots.
• Language must be accessible and easily understood.
• Have a clear and seamless opt-Out process in place.
If you have mailing lists that you’ve used pre GDPR you will not be able to continue using them if you haven’t got specific approval or consent from the individuals.
Do we need to ask for consent from our employees to process their data?
No, as the reliance for processing and retaining their data will be down to lawful processing because of the employer’s legal obligation to deduct taxes etc. and also down to the contractual agreement in place to pay them and pay forward the taxes owed on their behalf. And also to the nature of the relationship between the employer and the employee, the status quo is in the employer’s favour so consent would not be unambiguous or freely given.
More information can be found in the GDPR section of our online support documentation on our website - Bright Contracts UK - GDPR