GDPR Compliant Payroll Software
The EU General Data Protection Regulation (GDPR) imposes tough new requirements on the management, use and storage of individuals’ personal data, and that includes the payroll information you manage on behalf of employees. In today’s data-driven world, GDPR updates the existing data protection legislation to protect personal data that is managed by businesses, and it has significant implications for the way you process personal payroll information.
The GDPR legislation applies to all businesses, including sole traders, that manage the personal data of individuals in the EU. Every business has increased responsibilities in relation to the personal data it collects, holds, transmits and otherwise uses. Breach reporting is mandatory: employers or data processors must notify the data protection authority within 72 hours of a breach. Additionally, significant penalties and fines can be issued of up to €20 million or 4% of the business’s annual turnover, whichever is greater.
How does GDPR affect payroll processing?
Payroll processors handle a large amount of sensitive employee information, and payroll is one of the key areas of a business that needs to be adequately protected. The changes to data protection policies place greater emphasis on safeguarding the personal employee information managed by you. An employer or business is classified as a data controller, as it is responsible for the personal data that the business holds. Where a business processes its payroll in-house, it is also classified as a data processor. A business can outsource its payroll processing to a third party such as an accountant; in this case, the business owner remains the data controller and the accountant is the data processor.
Employers are required to tell employees what happens to their data, how long their information will be stored, and the details of any sub-processors or third-party data processors who access and manage their data. Employers can include this in the company handbook or in a data protection policy that is displayed in the office.
Employers must inform their employees about:
- What personal data will be collected by you or any third parties
- How the data will be processed
- Why the data will be processed
How do you securely send payslips to employees?
Employees now have greater rights: they can request access to the information held on them, have the right to have it rectified and, in some circumstances, have it deleted. Employees do not need to give consent for their personal data to be used as part of payroll processing. The GDPR legislation strongly recommends and encourages data processors to send payslips that are fully encrypted and/or password protected, and to delete them from the server after they have been sent.
A particular concern for many data controllers and data processors is a payslip being accidentally sent to the wrong person. This is a serious issue if the payslip is not password protected, or where the same password is used for every employee’s payslips, because anyone who receives the file by mistake can open it. This could be considered a breach of the GDPR legislation. The Data Protection Commissioner is responsible for enforcing the GDPR regulations and ensuring data controllers are complying with the law.
"The GDPR includes a best practice recommendation that, where possible, organisations should be able to provide remote access to a secure self-service system which would provide the individual with direct access to his or her information."
A self-service system offers the following benefits:
- Employees can remotely access payroll information, including payslips, contact details, their leave calendar and employee documents such as contracts of employment.
- Employees can request leave and view their annual leave entitlements, including leave taken and leave remaining, which are also considered personal data.
- Employees can edit and update their own personal contact information, ensuring that their personal data is correct.
- Online synchronisation and automated backup of payroll data maintain accuracy and improve GDPR compliance.
How BrightPay is helping with GDPR
In the new world of GDPR, non-compliance will be a continuous threat to all businesses. At BrightPay, we specialise in payroll solutions that are tailored to help you with GDPR compliance, and we are helping our customers manage their payroll data in a more secure way. Alongside your own internal GDPR-compliant processes and controls, BrightPay payroll software and our cloud add-on, BrightPay Connect, can help you with GDPR compliance in these key areas:
- Managing and protecting sensitive payroll data.
- Securely sending and emailing personal data such as payslips to employees.
- Increased security through hosting on Microsoft Azure servers.
- Secure encryption with password protection for all payslips.
- In-program customer support feature to send payroll files through a secure channel.
Additional benefits for bureaus:
- Securely emailing personal data such as payroll reports to payroll clients.
- Secure encryption with password protection for all payroll reports.
- Payroll bureaus can invite clients to a secure portal to view employee payslips, payroll reports and amounts due to HMRC.
How BrightPay Connect is helping with GDPR
The BrightPay Connect add-on is an online payroll and HR self-service tool that offers significant benefits to help your business or practice comply with GDPR legislation. Accountants, employers and employees can instantly access their payroll information, enabling many routine payroll and HR tasks to be automated.
Employees can easily view their own payroll and HR data in a secure online environment via a web browser, anytime and anywhere. The BrightPay Connect self-service features help you spend less time managing the day-to-day administration of payroll and HR, and significantly increase the efficiency and effectiveness of payroll work within the remit of the GDPR guidelines.