May 2018
24
Payroll Data & GDPR - What you need to know about consent, emailing payslips, and your legal obligation.
Employers must take steps to protect and securely manage employee’s personal data to comply with GDPR. Equally, where a business outsources their payroll to a third party, they are legally obliged to provide assurances to safeguard the payroll information they manage on behalf of their clients.
Given recent cyber-attacks, an updated security process is definitely required to protect the personal data that we manage. GDPR is not a new concept, it is simply a data protection process that is being upgraded to protect all individuals. Essentially, GDPR is an overhaul of the way we process, manage and store individual’s personal data.
This free webinar will uncover the ins and outs of the impact of GDPR on your payroll processing, highlighting the biggest areas of concern including emailing payslips, employee consent and your legal obligation. Places are limited, book early to avoid disappointment.
We will walk you through some important steps to achieve GDPR compliance by examining the following topics:
What does GDPR mean for your payroll processing?
Payslips & GDPR Compliance
Breaching GDPR
How we are preparing for GDPR
Related Articles:
May 2018
2
Employers process large amounts of personal data, not least in relation to their customers and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated. Join us for our free webinar where we will discuss what GDPR is, why employers need to take it seriously and how you can prepare for the 25th May deadline.
Employer Webinar | Bureau Webinar
Under the GDPR legislation, where possible the controller should be able to provide self-service remote access to a secure system which would provide the data subject with direct access to his or her personal data. BrightPay Connect is a self-service option which will give employees online remote access to view their payroll information 24/7.
The guide will uncover the ins and outs of the impact of GDPR on your payroll processing, highlighting the biggest areas of concern including emailing payslips, employee consent and your legal obligation.
Whenever a data controller (e.g. a payroll bureau client) uses a data processor (e.g. payroll bureau) there needs to be a written contract in place. The contract is important so that both parties understand their responsibilities and liabilities. To assist our customers, we have created a template Data Protection Agreement which can be used by data processors as an addendum to any existing agreements.
Download Data Protection Agreement
GDPR requires employers to give information to their workforce, setting out in particular the personal data (employee information) the employer holds about them, how it is used, and with whom the information is shared. The information required is more detailed than is currently required under existing data protection laws. Employers need to ensure that their employee privacy notices accurately reflect how they process employee data and are in line with GDPR requirements. GDPR compliant employee policies are available through the Bright Contracts software.
GDPR is changing how we communicate with you. After May 2018, we will not be able to email you about webinar events, special offers, legislation changes, other group products and payroll related news without you subscribing to our newsletter. You will be able to unsubscribe at any time. Don’t miss out - sign up to our newsletter today!
Apr 2018
24
The General Data Protection Regulation (GDPR) will come into force on 25th May 2018, legislation with new rules and guidelines on how to protect and process personal data. Employee personal data held may include: name, address, phone number, email address, emergency contact details, PPS number, bank account details etc.
The GDPR requires that when retaining and processing personal data there must be lawful reasoning for doing so. In terms of processing employee data employers are likely to rely on a number of lawful reasons, mainly: to fulfill contractual obligations, legal obligations or other legitimate interests. Under data protection legislation employee data should be kept for no longer than is necessary, for the purpose that it was retained. However, when deciding how long to retain personal data employers should be guided by employment legislation.
A more detailed list of Employee Record Keeping Requirements can be viewed here.
Where legislation gives no guidance on record keeping requirements, employers should carefully predetermine, and include in any employee privacy notice, how long and the grounds they will use for retaining that data. For example; an employer may decide to retain all performance review records for the entire duration of an employee’s employment to monitor employee performance.
Whatever the reasoning behind retaining employee data – whether it be legal or other business reasons, employers need to ensure they have a clear policy outlining their reasoning, that this is easily accessible to employees and that the policy is consistently applied.
The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018 with the aim of protecting all EU citizens from privacy and data breaches in an increasingly data driven world. This webinar will explain everything payroll bureaus need to know about GDPR. This webinar is free to attend but places are limited.
Payroll Bureau Webinar | Employer Webinar
Related Articles:
Apr 2018
10
The General Data Protection Regulation (GDPR) will come into force on 25th May 2018 changing the way we process data forever. The aim of the GDPR is to put greater protection on the way personal data is being processed for all EU citizens. Personal data can be anything from a name, an email address, PPS number, bank details etc so as you can imagine employers process a huge amount of personal data on a daily basis. So how will the GDPR affect employers in terms of processing employee data?
Consent
Data in the employment context, will include information obtained from an employee during the recruitment process (regardless of whether or not they eventually got the job), it will also include the information you hold on current employees and previous employees. All this information may be saved in hard copy personnel files, held on HR systems or it could be information contained in emails or information obtained through employee monitoring.
Under GDPR your employee’s will have increased rights around their data. These rights will include:
Employee Self Service
Under the GDPR legislation, where possible employers should be able to provide self-service remote access to a secure system which would allow employees view and manage their personal data online 24/7. Furthermore, the cloud functionality will improve your payroll processing with simple email distribution, safe document upload, easy leave management and improved communication with your employees. By introducing a self-service option, you will be taking steps to be GDPR ready.
Thesaurus Payroll Software | BrightPay Payroll Software
Related articles:
Mar 2018
23
Those of you who were on any of our recent GDPR webinars will be aware that data controllers (e.g. a payroll bureau client) need to be amending their contracts with any data processors (e.g. the payroll bureau) to accommodate the new requirements under the GDPR.
For those of you who did not get to attend our webinars here is a brief overview.
The Legislation
Whenever a data controller uses a data processor there needs to be a written contract in place. The contract is important so that both parties understand their responsibilities and liabilities. The GDPR sets out certain information which needs to be included in the contract.
Controllers are liable for their compliance with the GDPR and must only appoint processors who can provide ‘sufficient guarantees’ that the requirements of the GDPR will be met and the rights of data subjects (an individual who is the subject of personal data) protected.
Processors must only act on the documented instructions of a controller. They will however have some direct responsibilities under the GDPR and may be subject to fines or other sanctions if they don’t comply.
What does this contract look like?
To comply with the new requirements under GDPR you could either:
Our Advice to Payroll Bureaus
Our advice to payroll bureaus is that when it comes to GDPR you should aim to take an active role in educating your clients about GDPR.
Although the onus is on data controllers to ensure contracts are in place, payroll bureaus looking to get ahead of the GDPR would be well advised to approach their clients and instigate putting the appropriate contracts in place.
Template Data Protection Agreement (DPA)
To assist our customers we have created a template Data Protection Agreement which can be used as an addendum to any existing agreements.
Mar 2018
21
Under the GDPR legislation, where possible the controller should be able to provide self-service remote access to a secure system which would allow the data subject with direct access to his or her personal data. BrightPay Connect is a self-service option which will give you and your employees online remote access to view and manage your payroll data 24/7.
BrightPay Connect is tailored to help you overcome the challenge that GDPR presents. Furthermore, the cloud functionality will improve your payroll processing with simple email distribution, safe document upload, easy leave management and improved communication with your employees.
Online synchronisation and backup of payroll data will maintain accuracy and improve efficiency. By introducing a self service option, employers can begin a new way of remotely accessing information and start taking steps to be GDPR ready. Additionally a self-service facility will automate payslip distribution, simplify and integrate leave requests and keep a secure and chronological backup of your payroll records.
The option of BrightPay Connect will keep your employee payroll data secure and offers your employees the added reassurance that you are taking action to become GDPR ready. The advantages of a cloud backup and self-service software are numerous, but mainly it significantly increases the efficiency and effectiveness of payroll work.
Workflow is increased since employers are no longer wasting time on manual data processing and therefore are working quicker and more securely within the remit of the GDPR guidelines. BrightPay Connect is an online payroll and HR software solution that has been developed to help our customers become GDPR ready. It removes the manual data entry requirement for annual leave management, updating employees details, re-sending payslips, backing up your data and HR processing.
Payroll bureaus and accountants have instant access to an online self-service to view clients payroll information. Employers can invite their accountant to access their payroll information. Through the accountant / employer online dashboard, you can have remote and secure access to employee payslips, payroll reports, amounts due to HMRC, annual leave requests and employee contact details.
Invite employees to their own self-service online portal. This secure system would provide employees with direct access to his or her personal data. Employees can securely view and download payslips, P60s and P45s and easily submit holiday requests, view leave taken and leave remaining.
Integration with payroll: BrightPay Connect is fully integrated with BrightPay’s payroll software ensuring the payroll data is correct at all time. Any annual leave or other leave, changes to employee contact details and payroll reports are updated and synchronised with the payroll software and BrightPay Connect.
Under GDPR, it is important to keep a copy of payroll files safe in case of fire, theft, damaged computers or cyber attacks. BrightPay Connect is powered using the latest web technologies and hosted on Microsoft Azure for ultimate performance, reliability and scalability. BrightPay Connect maintains a chronological history of your backups which you can restore or download any time keeping your records protected.
BrightPay Connect allows password protected mobile and online access to your payroll data anytime and anywhere. This fulfils the GDPR recommendation to provide remote access to a secure system where your employees would have direct access to their personal data.
HR & Annual Leave Management: Employers can view all upcoming leave in the BrightPay Connect company wide calendar where they can easily authorise leave requests with changes automatically flowing back to the payroll. You can upload sensitive HR documents such as employee contracts keeping confidential information restricted to each individual employee.
BrightPay Connect makes it possible to drastically reduce the number of HR queries you deal with such as access to view personal data, payslip requests, annual leave requests, managing employee contact information and employee payroll records.
You will soon be able to upload employees’ hours and timesheets directly through the BrightPay Connect portal. The upload facility offers an additional layer of protection for your payroll information. From there, you can process the payroll from the timesheet upload. This automated process will offer a more secure and accurate recording of the timesheets and hours.
Cloud advancements enables an interactive collaborative experience for your accountants, employers and employees. BrightPay Connect speeds up and transforms the accountant / employer relationship from a document exchange or transactional relationship to an instant access one. Book a demo today to see just how BrightPay Connect can help towards GDPR compliance.
Free GDPR Webinars: What does GDPR mean for your business?
Payroll Bureaus and employers process large amounts of personal data, not least in relation to their customers and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated. In this webinar, we will peel back the legislation to outline clearly:
Agenda
Bureau CPD Webinar | Employer Webinar
BrightPay Newsletter - Are you missing out?
GDPR is changing how we communicate with you. After May 2018, we will not be able to email you about webinar events, special offers, legislation changes, other group products and payroll related news without you subscribing to our newsletter. You will be able to unsubscribe at anytime. Don’t miss out - sign up to our newsletter today!
Subscribe now
Thesaurus Payroll Software | BrightPay Payroll Software
Mar 2018
5
The EU’s General Data Protection Regulation (GDPR) will be implemented in Ireland in May 2018 with the aim of protecting all EU citizens from privacy and data breaches in an increasingly data driven world.
Unfortunately, many employers do not realise that 25th May 2018 is a deadline as opposed to a start date. It is important that all employers are ready and GDPR compliant by this date, with potential fines for breaches as high as €20 million or 4% of global turnover.
All employers process large amounts of personal data, especially when it comes to their customers and their employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated.
Organisations need to act now to prepare for the potential changes to their systems and procedures. The introduction of GDPR is just three months away, and by now all businesses should be taking action.
As part of our own preparation, we need your help. After 25th May 2018, we will not be able to email you about webinar events, special offers, legislation changes, payroll related news and other group products without you subscribing to our mailing list. You will be able to unsubscribe at anytime.
Don’t miss out - sign up to our newsletter today!
BrightPay by Thesaurus Software is hosting a free webinar on 8th March to help payroll bureaus prepare for GDPR. In this webinar, we will peel back the legislation to outline clearly:
Places are limited - book your place now!
Jan 2018
8
Get ready as more legislation hit Irish and European businesses. The objective of the recent EU General Data Protection Regulation (GDPR) is to bring data protection standards up-to-date and to ensure that individuals in the EU are appropriately protected from privacy and data breaches. It comes into effect on 25th May 2018, however this date is a deadline as opposed to a starting point.
Business owners who start looking at GDPR on or after the 25th May will be at serious risk of non-compliance. You will need to act now to understand and prepare for GDPR well in advance of the May deadline. Over the next few months, it would be advisable to set aside some time to focus on being fully compliant by the 25th May 2018.
BrightPay is committed to helping our customers and others understand the impact of GDPR. We have designed free webinars for accountants and employers to take you through the key steps to be GDPR compliant.
Register now for our free webinars which take place over the coming months.
Agenda
Employer Webinar: 30th January - Register here
Bureau Webinar (CPD Accredited): 8th March - Register here
Other Free Events
How will PAYE Modernisation affect your business?
The existing PAYE (Pay As You Earn) system was introduced nearly sixty years ago ensuring that correct deductions are made relating to pay and tax. From 1st January 2019, this system for PAYE will undergo a long overdue update called PAYE Modernisation. Under the new legislation, whenever Irish employers pay their employees, a file must be electronically submitted to Revenue containing details of these payments.
Employer Webinar: 24th January - Register here
Bureau Webinar (CPD Accredited): 25th January - Register here