By law, employers must provide employees with payslips which include personal data such as proof of earnings, tax paid and any pension contributions. It is advisable that businesses take steps to protect and securely send this payslip information.
There is nothing in the GDPR legislation that states it is no longer permissible to post payslips. Payroll data processors who post payslips will need to ensure that all appropriate security measures are in place to protect the payslip. For example, you may use security payslip envelopes, marking the envelope as ‘Private and Confidential’ and ensuring that it is addressed to a specific person. In some cases, you may decide to use registered post.
There is nothing in the GDPR legislation that states it is no longer permissible to email payslips. However, data processors should take steps to securely protect each employee’s payslip. It is recommended that payslips are password protected with a password that is uniquely chosen by the employee and sent directly to the employee’s chosen email address.
Where a generic and identical password is used for all employees, this could be considered a breach of GDPR. In this scenario, the employer could be seen as not taking sufficient steps to offer the most secure environment to protect employees’ personal payroll information.
Remote Self-Service Access
The GDPR legislation includes a best practice recommendation for businesses to provide individuals with a secure self-service platform offering remote access to information held. For maximum security, it is recommended (but not mandatory) to offer a secure self-service portal to securely send and store payslips and other sensitive payroll documents.
On a self-service system, such as BrightPay Connect, employees can remotely access payroll information including payslips, contact details, and employee documents such as employee contracts and handbooks. Employees can also request leave and view their annual leave entitlements including leave taken and leave remaining, which are also considered personal data.
Accessing payslips and personal contact details through a secure remote-access system gives employees flexibility and full transparency, allowing them to retrieve and update their information at any time.
BrightPay is running a free webinar to help you with what you need to know about GDPR. The webinar takes place on 3rd July at 11.00 am and is free to attend for both employers and payroll bureaus.
This webinar will look at the biggest areas of concern including emailing payslips, employee consent and your legal obligation. We will also look at some important steps to achieve GDPR compliance.