1st May 2018
The countdown has started! The General Data Protection Regulation (GDPR) lands this month, on the 25th May 2018. It should be the top topic of conversation within all businesses large and small and you should have your strategies in place.
But what about payroll teams and payroll data. How will you be affected?
There’s a lot to take in for any business, but within payroll there are some core things to consider.
Top 5 Tips for Payroll Personnel
- Every UK company is affected. Be aware of the impact that will fall on Payroll in terms of action and accountability
- Carry out “Data Protection Impact Assessments” (DPIAs). These will help payroll teams identify the most effective way to comply with their data protection obligations and meet employee expectations of privacy.
- Communicate. Many data protection issues have arisen as staff were unaware of processes and procedures, and payroll staff could be particularly vulnerable. Everyone in the business needs to know about the changes and the impact.
- Your business needs to designate someone as a Data Protection Officer. Make sure you liaise with them as needed regarding payroll data
- Ensure the way you handle, transmit and retain payroll data meets the requirements of the legislation. Look for ways to ensure payroll data is not held unnecessarily. Ensure there are robust documented procedures and processes around payroll data. And don’t forget employee payslips!
HR & Payroll Data Transparency
Since you’re handling employee data under the terms of an employment contract, you don’t need their consent every time you process their payroll.
However, there may be situations where you need consent for sensitive data that is not directly connected to pay. If you need access to your employee’s occupational health records, you may need to get their consent first.
What GDPR does require is visibility. Employees have the right to full visibility of the data employers hold on them and you must respond to subject access requests promptly. So, you need to have a system in place to respond to such requests, should you be asked. If you need a HR GDPR toolkit to help with HR compliance there are many suppliers who can provide you with the first steps towards compliance.
Data Security for HR & Payroll
The security requirements under GDPR mean that you need to consolidate your personnel and payroll data. This can be particularly challenging for global entities. Under GDPR your data needs to be in as few locations as possible to ensure security.
The GDPR-compliant processes you create will need to consider all sources of data, which can be challenging for HR. You need to keep data restricted to only those who have a “need to know”. For example, how will you securely store sick notes or emails requesting annual leave, when people have access to each other’s email inboxes?
You also need to consider how timesheets are handled and stored to ensure security. The same is true of payslips. This is prompting many businesses to switch to online solutions, rather than printed payslips. Online platforms, such as IRIS FMP Amity, require employees to securely authenticate access online before being able to view the information.
The Cost of Breaches
Be aware that any payroll data breaches could cost your business dearly – up to 4% of annual global turnover.
Our recommendation would be to review GDPR within your organisation as soon as possible, and certainly contact your payroll provider if you outsource that function. Ultimately if your provider cannot give you reassurance that this is high on their agenda you should consider changing providers to protect both your business and your valuable employee data.
Need to know more? Read the ICO guide to GDPR. We’re taking action. Are you?