Brought to you by
BrightPay logo

The payroll solution that provides all you need for Auto Enrolment.

Save content
Have you found this content useful? Use the button above to save it to your profile.

GDPR: Employee Consent & Securely Sending Payroll Data

7th Nov 2018
Brought to you by
BrightPay logo

The payroll solution that provides all you need for Auto Enrolment.

Save content
Have you found this content useful? Use the button above to save it to your profile.

Businesses must provide their employees with information on what happens to their data, for example sharing employee’s personal data with a third party (payroll bureau) who processes the payroll. Employee personal data can be stored and managed by a payroll bureau, bookkeeper or accountant for the sole benefit of correctly paying their wages, paying the correct tax and providing a payslip. All of this legitimately falls under the remit of the GDPR legislation.

By law, you must provide employees with payslips which include personal data such as proof of earnings, tax paid and any pension contributions. It is advisable that bureaus take steps to protect and securely send this payslip information.

Employee Consent

Many bureaus have expressed concern and confusion in relation to getting consent from client’s employees and securely distributing payslips. Payroll bureaus do not need to seek consent from individual employees that the payroll is processed for. However, the employer will need to inform their employees that they are sharing their personal information with a third party. It is also an employers responsibility to ensure that their payroll bureau or accountant is taking action to protect their employees’ payroll information under GDPR.

An employee cannot withdraw their consent for their personal data to be used as part of the payroll processing. It should be noted that bureaus should keep only the personal data that is strictly required for the purpose of the payroll. This is referred to as data minimisation or privacy by default.

Recommended Self-Service Option

The GDPR legislation includes a best practice recommendation for businesses to provide individuals with a secure self-service platform offering remote access to information held. On a self-service system, employees would be able to remotely access payroll information including payslips, contact details, and employee documents such as employee contracts and handbooks. Employees may also be able to request leave and view their annual leave entitlements including leave taken and leave remaining, which are also considered as personal data.

According to the Information Commissioner's Office (ICO)

The GDPR includes a best practice recommendation that, where possible, organisations should be able to provide remote access to a secure self-service system which would provide the individual with direct access to his or her information (Recital 63).

The employee self-service portal should be password protected for every employee. Again, identical or a generic password must not be used for all employees. Each employee's password should be unique, chosen by the employee and confidential, offering maximum protection. Accessing payslips and personal contact details through a remote access secure system will provide flexibility and full transparency for employees to retrieve their information at any time.

A self-service portal offers significant benefits for payroll bureaus to comply with the GDPR legislation. Remote access will provide clients and their employees with direct access to their payroll information anywhere, anytime. Clients can login 24/7 to view their employees' payslips, HR documents, amounts due to HMRC and other payroll reports.

Payroll bureaus also benefit as they can now automate the distribution of payslips and payroll reports. With some systems, payslips and payroll reports will be automatically available on the self-service portal as soon as the payroll has been finalised. This offers additional security against cyber attacks and eliminates email hacks that could occur when sending payslips or payroll reports by email. Additionally, a self-service option allows payroll bureaus to keep their data updated and accurate as employees can edit their contact information.

Written by Karen Bennett | BrightPay Payroll Software

brightpay-connect

Related Articles: 

Tags: