Nov 2018
11
Nearly 7 months since the General Data Protection Regulation (GDPR) was introduced across all of Europe, complaints around data protection have nearly doubled in the UK and are up by nearly two-thirds in Ireland.
GDPR was designed to give Data Subjects more control over their personal data, with more transparency and the threat of larger fines to those in breach of the new rules. The GDPR requires any company that suffers a data breach to notify its users/data subjects within 72 hours of the breach being discovered.
• Graham Doyle, head of communications at Ireland’s Data Protection Commission (DPC), has said that ‘there has been a significant increase in the volumes of both breaches and complaints to the DPC since May 25th.’ Since GDPR enforcement began, the DPC has seen monthly data breach reports double, while data protection complaints increased by 65%.
• Data protection complaints to the UK’s Information Commissioner’s Office (ICO) rose to 4214 in July, compared to just 2310 complaints received in May before the GDPR came into force. A spokesperson for the ICO said the increase was expected, as more users became aware of data protection because of publicity around the new rules and following a series of high-profile data scandals involving big technology firms.
Experts note, however, that the increase does not mean that the number of data breaches has suddenly gone up, but rather reflects the full scale of the data breach problem becoming better known.
Organisations that fail to comply with GDPR can face fines of up to 4% of annual global revenue or €20 million, whichever is greater. So far none of the EU’s data protection agencies has issued any fines. Graham Doyle at the DPC said ‘It is too soon to expect to see any fines levied against organizations that have violated GDPR – given it’s only 3 months after it went into full effect.’
Thesaurus & BrightPay Newsletter - Are you missing out?
We will not be able to email you about webinar events, special offers, legislation changes, other group products and payroll related news without you subscribing to our newsletter. You will be able to unsubscribe at any time. Don’t miss out - sign up to our newsletter today!
Jul 2018
2
Businesses must provide their employees with information on what happens to their data, for example sharing employees’ personal data with a payroll bureau that processes the payroll. Employee personal data can be stored and managed by a payroll bureau, bookkeeper or accountant for the sole benefit of correctly paying their wages, paying the correct tax and providing a payslip. All of this legitimately falls under the remit of the GDPR legislation.
Many bureaus have expressed concern and confusion in relation to getting consent from clients’ employees and securely distributing payslips. Payroll bureaus do not need to seek consent from the individual employees that the payroll is processed for. However, the employer will need to inform their employees that they are sharing their personal information with a third party.
An employee cannot withdraw their consent for their personal data to be used as part of the payroll processing. It should be noted that bureaus should keep only the personal data that is strictly required for the purpose of the payroll. This is referred to as data minimisation or privacy by default.
BrightPay is running free webinars to help you with what you need to know about GDPR. These webinars are free to attend for both payroll bureaus and employers. Places are limited - book your place now.
May 2018
2
Employers process large amounts of personal data, not least in relation to their customers and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated. Join us for our free webinar where we will discuss what GDPR is, why employers need to take it seriously and how you can prepare for the 25th May deadline.
Employer Webinar | Bureau Webinar
Under the GDPR legislation, where possible the controller should be able to provide self-service remote access to a secure system which would provide the data subject with direct access to his or her personal data. Thesaurus Connect is a self-service option which will give employees online remote access to view their payroll information 24/7.
The guide will uncover the ins and outs of the impact of GDPR on your payroll processing, highlighting the biggest areas of concern including emailing payslips, employee consent and your legal obligation.
Whenever a data controller (e.g. a payroll bureau client) uses a data processor (e.g. payroll bureau) there needs to be a written contract in place. The contract is important so that both parties understand their responsibilities and liabilities. To assist our customers, we have created a template Data Protection Agreement which can be used by data processors as an addendum to any existing agreements.
Download Data Protection Agreement
GDPR requires employers to give information to their workforce, setting out in particular the personal data (employee information) the employer holds about them, how it is used, and with whom the information is shared. The information required is more detailed than is currently required under existing data protection laws. Employers need to ensure that their employee privacy notices accurately reflect how they process employee data and are in line with GDPR requirements. GDPR compliant employee policies are available through the Bright Contracts software.
GDPR is changing how we communicate with you. After May 2018, we will not be able to email you about webinar events, special offers, legislation changes, other group products and payroll related news without you subscribing to our newsletter. You will be able to unsubscribe at any time. Don’t miss out - sign up to our newsletter today!
Apr 2018
10
The General Data Protection Regulation (GDPR) will come into force on 25th May 2018, changing the way we process data forever. The aim of the GDPR is to put greater protection on the way personal data is being processed for all EU citizens. Personal data can be anything from a name, an email address, PPS number, bank details, etc., so as you can imagine, employers process a huge amount of personal data on a daily basis. So how will the GDPR affect employers in terms of processing employee data?
Consent
Data in the employment context will include information obtained from an employee during the recruitment process (regardless of whether or not they eventually got the job). It will also include the information you hold on current employees and previous employees. All this information may be saved in hard copy personnel files, held on HR systems, or it could be information contained in emails or information obtained through employee monitoring.
Under GDPR your employees will have increased rights around their data. These rights will include:
Employee Self Service
Under the GDPR legislation, where possible employers should be able to provide self-service remote access to a secure system which would allow employees to view and manage their personal data online 24/7. Furthermore, the cloud functionality will improve your payroll processing with simple email distribution, safe document upload, easy leave management and improved communication with your employees. By introducing a self-service option, you will be taking steps to be GDPR ready.
Mar 2018
23
Those of you who were on any of our recent GDPR webinars will be aware that data controllers (e.g. a payroll bureau client) need to be amending their contracts with any data processors (e.g. the payroll bureau) to accommodate the new requirements under the GDPR.
For those of you who did not get to attend our webinars, here is a brief overview.
The Legislation
Whenever a data controller uses a data processor there needs to be a written contract in place. The contract is important so that both parties understand their responsibilities and liabilities. The GDPR sets out certain information which needs to be included in the contract.
Controllers are liable for their compliance with the GDPR and must only appoint processors who can provide ‘sufficient guarantees’ that the requirements of the GDPR will be met and the rights of data subjects (an individual who is the subject of personal data) protected.
Processors must only act on the documented instructions of a controller. They will however have some direct responsibilities under the GDPR and may be subject to fines or other sanctions if they don’t comply.
What does this contract look like?
To comply with the new requirements under GDPR you could either:
Our Advice to Payroll Bureaus
Our advice to payroll bureaus is that when it comes to GDPR you should aim to take an active role in educating your clients about GDPR.
Although the onus is on data controllers to ensure contracts are in place, payroll bureaus looking to get ahead of the GDPR would be well advised to approach their clients and instigate putting the appropriate contracts in place.
Template Data Protection Agreement (DPA)
To assist our customers we have created a template Data Protection Agreement which can be used as an addendum to any existing agreements.
Mar 2018
22
Under the GDPR legislation, where possible the controller should be able to provide self-service remote access to a secure system which would provide the data subject with direct access to his or her personal data. Thesaurus Connect is a self-service option which will give you and your employees online remote access to view and manage your payroll data 24/7.
Thesaurus Connect is tailored to help you overcome the challenge that GDPR presents. Furthermore, the cloud functionality will improve your payroll processing with simple email distribution, safe document upload, easy leave management and improved communication with your employees.
Online synchronisation and backup of payroll data will maintain accuracy and improve efficiency. By introducing a self-service option, employers can begin a new way of remotely accessing information and start taking steps to be GDPR ready. Additionally, a self-service facility will automate payslip distribution, simplify and integrate leave requests and keep a secure and chronological backup of your payroll records.
The option of Thesaurus Connect will keep your employee payroll data secure and offer your employees the added reassurance that you are taking action to become GDPR ready. The advantages of a cloud backup and self-service software are numerous, but mainly it significantly increases the efficiency and effectiveness of payroll work.
Workflow is increased since employers are no longer wasting time on manual data processing and therefore are working quicker and more securely within the remit of the GDPR guidelines. Thesaurus Connect is an online payroll and HR software solution that has been developed to help our customers become GDPR ready. It removes the manual data entry requirement for annual leave management, updating employees’ details, re-sending payslips, backing up your data and HR processing.
Here are the biggest GDPR advantages of Thesaurus Connect:
Payroll bureaus and accountants have instant access to an online self-service to view clients’ payroll information. Employers can invite their accountant to access their payroll information. Through the accountant / employer online dashboard, you can have remote and secure access to employee payslips, payroll reports, amounts due to HMRC, annual leave requests and employee contact details.
Invite employees to their own self-service online portal. This secure system would provide employees with direct access to their personal data. Employees can securely view and download payslips, P60s and P45s and easily submit holiday requests, view leave taken and leave remaining.
Thesaurus Connect is fully integrated with Thesaurus’s payroll software, ensuring the payroll data is correct at all times. Any annual leave or other leave, changes to employee contact details and payroll reports are updated and synchronised with the payroll software and Thesaurus Connect.
Under GDPR, it is important to keep a copy of payroll files safe in case of fire, theft, damaged computers or cyber attacks. Thesaurus Connect is powered using the latest web technologies and hosted on Microsoft Azure for ultimate performance, reliability and scalability. Thesaurus Connect maintains a chronological history of your backups which you can restore or download at any time, keeping your records protected.
Thesaurus Connect allows password protected mobile and online access to your payroll data anytime and anywhere. This fulfils the GDPR recommendation to provide remote access to a secure system where your employees would have direct access to their personal data.
Employers can view all upcoming leave in the Thesaurus Connect company-wide calendar, where they can easily authorise leave requests with changes automatically flowing back to the payroll. You can upload sensitive HR documents such as employee contracts, keeping confidential information restricted to each individual employee.
Thesaurus Connect makes it possible to drastically reduce the number of HR queries you deal with such as access to view personal data, payslip requests, annual leave requests, managing employee contact information and employee payroll records.
You will soon be able to upload employees’ hours and timesheets directly through the Thesaurus Connect portal. The upload facility offers an additional layer of protection for your payroll information. From there, you can process the payroll from the timesheet upload. This automated process will offer a more secure and accurate recording of the timesheets and hours.
Cloud advancements enable an interactive collaborative experience for your accountants, employers and employees. Thesaurus Connect speeds up and transforms the accountant / employer relationship from a document exchange or transactional relationship to an instant access one. Book a demo today to see just how Thesaurus Connect can help towards GDPR compliance.
Free GDPR Webinars: What does GDPR mean for your business?
Payroll Bureaus and employers process large amounts of personal data, not least in relation to their customers and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated. In this webinar, we will peel back the legislation to outline clearly:
Agenda
Bureau CPD Webinar | Employer Webinar