Data Processor Agreement

The Legislation

Whenever a data controller (e.g. a payroll bureau client) uses a data processor (e.g. a payroll bureau) there needs to be a written contract in place.

The contract is important so that both parties understand their responsibilities and liabilities.

The GDPR sets out what needs to be included in the contract.

Controllers are liable for their compliance with the GDPR and must only appoint processors who can provide ‘sufficient guarantees’ that the requirements of the GDPR will be met and the rights of data subjects protected.

Processors must only act on the documented instructions of a controller. They will however have some direct responsibilities under the GDPR and may be subject to fines or other sanctions if they don’t comply.

Our Advice to Payroll Bureaus

Our advice to payroll bureaus is that when it comes to GDPR you should aim to take an active role in educating your clients about the new regulations.

Although the onus is on data controllers to ensure contracts are in place, payroll bureaus looking to get ahead of the GDPR would be well advised to approach their clients and instigate putting the appropriate contract in place.

What does this contract look like?

To comply with the new requirements under GDPR you could either:

  1. Draft new Terms of Service / EULAs / Engagement Letters for each client to include the new GDPR requirements
  2. Where you have an existing contract in place you could issue an Addendum to this contract covering the new GDPR requirements, this is commonly known as a Data Protection Agreement (DPA)

Template Data Protection Agreement (DPA)

To assist our customers we have created a template Data Protection Agreement which can be used as an addendum to any existing agreements.

Data Protection Agreement

Please note: The material and information contained within this document is for general information purposes only. You should not rely upon the information as a basis for any business, legal or any other decisions. Thesaurus Software takes no responsibilities, makes no representations or warranties of any kind, express or implied about the completeness, accuracy, reliability, suitability or availability with respect to the information contained in the document for any purpose. Any reliance you place on such material is therefore strictly at your own risk.

Need help? Support is available at 01 8352074 or thesauruspayrollsupport@brightsg.com.

HelpCoronavirus (Covid-19) - Guidance for Thesaurus Users2022 Thesaurus Payroll Manager - System Requirements2022 Budget - Employer Summary2022 Payroll Manager - AvailabilityStarting the New Tax YearImporting from the previous yearMoving to Thesaurus Payroll Manager from another softwareGetting started - First Time UsersCompany SetupDigital CertificatesAdd/ Amend EmployeesRevenue Payroll Notifications (RPNs)Payroll CalendarProcessing PayrollPayroll DeductionsPayroll Submission Requests (PSRs)Distributing PayslipsPaying EmployeesCorrectionsRevenue PaymentsRevenue - Contact Telephone NumbersReportsProcessing StartersProcessing LeaversBenefit in KindStatutory Sick Pay (SSP)Illness BenefitParenting BenefitsPensionsChanging an Employee's Pay FrequencyPayroll JournalsYear End 2021Backup and RestoreTransferring Payroll Manager from one PC to anotherCSOHolidaysLeave EntitlementsEmployment LawGeneralGlossary of Terms (Pre 2019)Thesaurus ConnectGDPRLicence Agreement for Thesaurus Payroll ManagerBright ID