May 2019
15
It’s been one year since the introduction of the GDPR, and employers and accountants are reviewing their systems, processes and procedures on an ongoing basis to ensure they are doing their best to avoid hefty non-compliance penalties.
Thesaurus Connect is tailored to help you overcome some of the key challenges GDPR presents when processing payroll. Although Thesaurus Payroll Manager is a desktop application, Thesaurus Connect enables users to store their payroll information in the cloud. Because the payroll information is stored online, it has allowed us to bring you even more functionality and benefits, enabling users to work quicker, more efficiently and more profitably within the scope of the GDPR guidelines.
Many businesses are looking for better ways to keep their employees’ payroll data safe and secure. By introducing Thesaurus Connect, you will be taking steps to be GDPR compliant. Book a demo today to find out how Thesaurus Connect can help you with improving GDPR compliance.
Nov 2018
11
Nearly 7 months since the General Data Protection Regulation (GDPR) was introduced across all of Europe, complaints around data protection have nearly doubled in the UK and are up by nearly two thirds in Ireland.
GDPR was designed to give Data Subjects more control over their personal data, with more transparency and the threat of larger fines to those in breach of the new rules. The GDPR requires any company that suffers a data breach to notify its users/data subjects within 72 hours of the breach being discovered.
• Graham Doyle, head of communications at Ireland’s Data Protection Commission (DPC), has said that ‘there has been a significant increase in the volumes of both breaches and complaints to the DPC since May 25th.’ Since GDPR enforcement began the DPC has seen monthly data breach reports double, while data protection complaints increased by 65%.
• Data protection complaints to the UK’s Information Commissioner’s Office (ICO) rose to 4214 in July compared to just 2310 complaints received in May before the GDPR came into force. A spokesperson for the ICO said the increase was expected, as more users became aware of data protection because of publicity around the new rules and following a series of high-profile data scandals involving big technology firms.
Experts note, however, that the increase does not mean that the number of data breaches has suddenly gone up, but rather reflects the full scale of the data breach problem becoming better known.
Organisations that fail to comply with GDPR can face fines of up to 4% of annual global revenue or €20 million, whichever is greater. So far none of the EU’s data protection agencies has issued any fines. Graham Doyle at the DPC said ‘It is too soon to expect to see any fines levied against organizations that have violated GDPR – given it’s only 3 months after it went into full effect.’
Thesaurus & BrightPay Newsletter - Are you missing out?
We will not be able to email you about webinar events, special offers, legislation changes, other group products and payroll related news without you subscribing to our newsletter. You will be able to unsubscribe at any time. Don’t miss out - sign up to our newsletter today!
Thesaurus Payroll Software | BrightPay Payroll Software
Sep 2018
14
The introduction of the General Data Protection Regulation (GDPR) in May brought with it new and more stringent rules around the security of personal data and how it is processed.
The new legislation places increased responsibilities on all those parties that process personal data. All organisations, regardless of size, have had to comply with the GDPR. As part of their preparation for the GDPR, employers were required to introduce or update existing policies regarding personal data held.
Free Webinar: GDPR 3 Months On! (20th September @ 11.00 am)
Thesaurus Software is hosting a free GDPR webinar this September where we will have a guest speaker from the Data Protection Commissioner’s office. The webinar will be CPD accredited and free to attend.
In this webinar, we will look at what’s new in GDPR, how it may affect your business and what we have learned from the GDPR three months after its introduction. We will also discuss how Thesaurus Software can help your organisation utilise the new data protection regulations for the benefit of you, your customers, suppliers and employees.
Webinar Speakers
Laura Murphy - Laura is an experienced Human Resource professional with unique global experience. She has worked in-house and in external consultancy roles for SMEs, international organisations and public sector bodies across the UK and Ireland.
Jennie Hussey - Jennie is an experienced Employment Law Advisor with a demonstrated history of working in the HR and payroll industry.
Guest Speaker: Graham Doyle - We are pleased that Graham Doyle, Head of Communications from the Data Protection Commissioner’s office, will be joining us to discuss GDPR and the effect it is having on all businesses.
Places are limited - book your place now!
Aug 2018
20
Thesaurus Connect is tailored to help you overcome some of the key challenges GDPR presents when processing payroll. The payroll itself is still processed on Thesaurus Payroll Manager’s desktop application; however, the payroll information is stored online on a secure cloud server. As the payroll information is stored online, it has allowed us to bring you even more benefits to help you with GDPR compliance.
With the GDPR, it is important to keep a copy of payroll files safe in case of fire, theft, damaged computers or cyber attacks. Essentially Thesaurus Connect is a secure cloud backup, keeping employees’ payroll data safe and secure. A chronological history of all payroll backups will be maintained which can be downloaded and restored at any time.
GDPR includes a recommendation to provide remote access to a secure system, which would provide employees with direct access to their personal data. With Thesaurus Connect, employees can be invited to their own password-protected self-service portal. Employees can log in to the portal 24/7 on any device, including PCs, Macs, tablets and smartphones (essentially anywhere that they have access to an internet browser). There is also an employee smartphone app where employees can log in and get notifications directly to their device.
With Thesaurus Connect, employees can access a payslip library where they can view and download all historic and current payslips. Employees can also access payroll documents such as P60s, HR documents such as their contract of employment, personal data held by their employer and past and scheduled leave.
The right to rectification of personal data held is an important employee right under the GDPR. With the employee self-service portal, employees can update their basic personal details such as their phone number and postal address.
Data controllers and data processors must ensure that the personal data held is relevant and up-to-date. As employees can update their basic personal details on Thesaurus Connect, this ensures that employers have access to the most accurate personal details for employees.
With the GDPR, data controllers must ensure that, by default, only personal data which is necessary for each specific purpose of the processing can be accessed. Therefore, payroll processors should only have access to the personal data that is strictly required for processing the payroll. This is referred to as data minimisation, or privacy by default. With Thesaurus Connect, users can be set up so that they only have access to the information needed to complete their specific responsibilities. For example, there may be a HR manager who should not have access to employees’ payroll data, or a payroll processor who should not have access to employee documents or employees marked as confidential.
Thesaurus Connect acts as an all-in-one central location to store all things employee related, including payroll, HR and other employment related documents. Employers have the ability to upload documents that apply to all employees (e.g. company handbook), documents that are unique to individual employees (e.g. contract of employment), or even documents that are relevant to a particular department.
If you are a payroll bureau, you can invite your payroll clients to their own online employer dashboard on Thesaurus Connect. This is a secure portal for client communications, eliminating the need to send documents with sensitive personal information by email. Clients can view employee payslips as soon as they have been finalised, and they can run their own payroll reports and view amounts due to Revenue. This offers an additional layer of GDPR protection for clients’ payroll data.
Essentially, by introducing Thesaurus Connect in your business, you will be taking steps to be GDPR compliant. Book a demo today to have a look at Thesaurus Connect.
Aug 2018
3
Under Article 16 of the GDPR, individuals have the right to rectify data that is inaccurate about them. An individual may also be able to have incomplete personal data completed. Although you may have already taken steps to ensure that the personal data was accurate when you first obtained it, this right imposes a specific obligation to reconsider the accuracy upon request.
What do we need to do?
If you receive a request from an individual to rectify their personal data, you should take reasonable steps to ensure that the data is accurate and rectified if necessary. The reasonable steps taken will depend on the nature of the personal data and what it will be used for. The more important it is that the personal data is accurate, the greater the effort you should put into checking its accuracy and, if it is not accurate, taking steps to rectify it.
When is data inaccurate?
The GDPR does not give a definition of the term accuracy. However, it states that personal data is inaccurate if it is incorrect or misleading in any way. It is the data controller's responsibility to ensure the personal data they manage is accurate and up-to-date.
Can we refuse to comply with the request for rectification for other reasons?
You can refuse to comply with a request for rectification if the request is excessive or manifestly unfounded, taking into account whether the request is repetitive in nature. There are two things you can do if you consider that a request is excessive or manifestly unfounded:
1) Request a “reasonable fee” to deal with the request
2) Refuse to deal with the request
You will need to justify your decision in either case. The reasonable fee should be based on the administrative costs of complying with the request. If you decide to charge a fee, it is advised that you contact the individual within one month. You do not need to comply with the request until you have received the fee.
In most cases, you cannot charge a fee to comply with a request for rectification. However, as noted above, if the request has been excessive or manifestly unfounded you may charge a reasonable fee to cover the administrative costs.
Related Articles:
GDPR & Payroll processing: Do I need consent from my client's employees?
BrightPay launch an employee payroll smartphone app.
Are you missing out on our newsletter? We will not be able to email you without you subscribing to our mailing list. You will be able to unsubscribe at any time. Don’t miss out - subscribe today!
Jul 2018
2
Businesses must provide their employees with information on what happens to their data, for example sharing employees’ personal data with a payroll bureau who processes the payroll. Employee personal data can be stored and managed by a payroll bureau, bookkeeper or accountant for the sole benefit of correctly paying their wages, paying the correct tax and providing a payslip. All of this legitimately falls under the remit of the GDPR legislation.
Many bureaus have expressed concern and confusion in relation to getting consent from clients’ employees and securely distributing payslips. Payroll bureaus do not need to seek consent from individual employees that the payroll is processed for. However, the employer will need to inform their employees that they are sharing their personal information with a third party.
An employee cannot withdraw their consent for their personal data to be used as part of the payroll processing. It should be noted that bureaus should keep only the personal data that is strictly required for the purpose of the payroll. This is referred to as data minimisation or privacy by default.
BrightPay is running free webinars to help you with what you need to know about GDPR. These webinars are free to attend for both payroll bureaus and employers. Places are limited - book your place now.
Jun 2018
8
The amount of data currently being processed by businesses was unforeseeable way back in the 1990s when the current Data Protection Regulation was drawn up. Officials recognised that the current rules just weren’t sufficient to handle the current digital era. An updated reform was agreed and GDPR was born.
From May 25th, the GDPR legislation was enforced by data regulators across Europe. As this deadline has passed, it is important to note that every business that stores and manages personal data will be affected by this change.
To help you with your GDPR preparation we’ve compiled a list of some of the most common questions that we get asked:
Personal data is anything that allows a person to be identified. Some examples would be: name, address, IP address or photo.
One of the most talked about elements of the GDPR is the consequences for non-compliance. Companies that fail to comply can face fines of up to £20 million or 4% of turnover (whichever is greater).
In short, yes. GDPR will affect every individual and organisation that holds or processes personal data from any individual in the EU.
Emailing payslips is still perfectly acceptable under the GDPR. However, it is important to consider the security of the payslip. Payroll software, like BrightPay & Thesaurus, will encrypt payslips and automatically delete payslips that are sent from our servers.
Data Protection has always been a priority for BrightPay & Thesaurus. Like all companies, we’ve had to review how we handle data in preparation for the GDPR. Here is a list of resources we’ve put together to aid you on the voyage to becoming compliant with the GDPR:
1. Free GDPR webinars for payroll bureaus and employers
Join us for our free webinar where we will discuss what GDPR is and why employers need to take it seriously.
2. BrightPay & Thesaurus Connect
The GDPR states that where possible individuals should have access to a secure, self-service remote system which would provide direct access to their personal data. BrightPay Connect is a self-service option which will give employees online remote access to view their payroll information at any time.
3. Free GDPR and The Future of Payroll guide
This guide will specifically look at the impact of GDPR on your payroll processing and highlight the biggest areas of concern. We will walk through some important steps to achieve GDPR compliance.
4. Free template: Data Processor Agreement
Whenever a data controller (e.g. a payroll bureau client) uses a data processor (e.g. payroll bureau) there needs to be a written contract in place. The contract is important so that both parties understand their responsibilities and liabilities.
GDPR is changing how we communicate with you. From May 2018, we will not be able to email you about webinar events, special offers, legislation changes, other group products and payroll related news without you subscribing to our newsletter. You will be able to unsubscribe at any time. Don’t miss out - sign up to our newsletter today!
Jun 2018
5
The way in which we communicate and send payroll information to Revenue is changing. The objective of PAYE Modernisation is to allow Revenue, employers and employees to access the most accurate, up-to-date information relating to pay and statutory payroll deductions. PAYE Modernisation will be effective from the 1st of January 2019 and will apply to all employers.
Employers must take steps to protect and securely manage employees’ personal data to comply with GDPR. Equally, where a business outsources their payroll to a third party (payroll bureau), they are legally obliged to provide assurances to safeguard the payroll information they manage on behalf of their clients. Places are limited.
PAYE Modernisation is a mandatory payroll requirement that will be introduced from the 1st January 2019. It won’t change the way you calculate your PAYE information, it just means that you will need to send your data through to Revenue in real time. Every time you pay your employees (i.e. each pay period), you will need to submit PAYE information to Revenue, through an API link via your payroll software.
Whenever a data controller uses a data processor there needs to be a written contract in place. The contract is important so that both parties understand their responsibilities and liabilities. The GDPR sets out certain information which needs to be included in the contract.
Our employee self-service smartphone and tablet app is available with our cloud add-on Thesaurus Connect. The advancement of employee mobile apps offers many different advantages for employers, employees, and the business as a whole. For employers and HR Managers, the user-friendly portal will streamline payroll processing while reducing the number of payroll queries from employees.
Data Protection has always been a concern for Thesaurus Software and we have always aimed to act with complete integrity in this regard. In preparation for GDPR, we have had to complete a total review of how we gather, maintain and use data. We have taken steps to securely protect our customers’ information including increased encryption, securely deleting files from our servers and updating our privacy policies in line with GDPR.
Where possible the data controller should offer self-service remote access to a secure system providing individuals with access to their personal data. Thesaurus Connect is a self-service option which provides online access 24/7. Employees can view and download current and historic payslips, P45s and P60s. Annual leave can also be requested, which flows through as a notification for the employer to approve. Employee contact information can be edited and updated, keeping records accurate at all times. For payroll bureaus, clients can access payslips, a leave calendar, amounts due to Revenue and payroll reports.
Are you missing out on Thesaurus Software's newsletter? We will not be able to email you without you subscribing to our mailing list. You will be able to unsubscribe at any time. Don’t miss out - sign up to our newsletter today!
May 2018
24
Payroll Data & GDPR - What you need to know about consent, emailing payslips, and your legal obligation.
Employers must take steps to protect and securely manage employees’ personal data to comply with GDPR. Equally, where a business outsources their payroll to a third party, they are legally obliged to provide assurances to safeguard the payroll information they manage on behalf of their clients.
Given recent cyber-attacks, an updated security process is definitely required to protect the personal data that we manage. GDPR is not a new concept; it is simply a data protection process that is being upgraded to protect all individuals. Essentially, GDPR is an overhaul of the way we process, manage and store individuals’ personal data.
This free webinar will uncover the ins and outs of the impact of GDPR on your payroll processing, highlighting the biggest areas of concern including emailing payslips, employee consent and your legal obligation. Places are limited, book early to avoid disappointment.
We will walk you through some important steps to achieve GDPR compliance by examining the following topics:
What does GDPR mean for your payroll processing?
Payslips & GDPR Compliance
Breaching GDPR
How we are preparing for GDPR
May 2018
2
Employers process large amounts of personal data, not least in relation to their customers and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated. Join us for our free webinar where we will discuss what GDPR is, why employers need to take it seriously and how you can prepare for the 25th May deadline.
Under the GDPR legislation, where possible the controller should be able to provide self-service remote access to a secure system which would provide the data subject with direct access to his or her personal data. Thesaurus Connect is a self-service option which will give employees online remote access to view their payroll information 24/7.
The guide will uncover the ins and outs of the impact of GDPR on your payroll processing, highlighting the biggest areas of concern including emailing payslips, employee consent and your legal obligation.
Whenever a data controller (e.g. a payroll bureau client) uses a data processor (e.g. payroll bureau) there needs to be a written contract in place. The contract is important so that both parties understand their responsibilities and liabilities. To assist our customers, we have created a template Data Protection Agreement which can be used by data processors as an addendum to any existing agreements.
GDPR requires employers to give information to their workforce, setting out in particular the personal data (employee information) the employer holds about them, how it is used, and with whom the information is shared. The information required is more detailed than is currently required under existing data protection laws. Employers need to ensure that their employee privacy notices accurately reflect how they process employee data and are in line with GDPR requirements. GDPR compliant employee policies are available through the Bright Contracts software.
GDPR is changing how we communicate with you. After May 2018, we will not be able to email you about webinar events, special offers, legislation changes, other group products and payroll related news without you subscribing to our newsletter. You will be able to unsubscribe at any time. Don’t miss out - sign up to our newsletter today!