Brought to you by
BrightPay logo

The payroll solution that provides all you need for Auto Enrolment.


GDPR: The Recommended Self-Service Option for Payslips

23rd Apr 2018

There is nothing in the GDPR legislation that states it is no longer permissible to email payslips. However, payroll bureaus should take steps to securely protect each employee’s payslip. When emailing payslips, bureaus should ensure that all payslips are password protected with a password that is uniquely chosen by the employee. The payslip should be sent directly to the employee’s chosen email address.

Where a generic and identical password is used for all employees, this could be considered a breach of GDPR. In this scenario, the bureau could be seen as not taking sufficient steps to offer the most secure environment to protect employees' personal pay information.

Furthermore, your payroll provider should provide secure encryption on all payslips and automatically delete payslips that are being sent from their server. Check with your provider to be certain that they are offering this level of protection. If not, you should look for another payroll provider who does. For maximum security, it is recommended (but not mandatory) to offer a secure self-service portal to send and store payslips and other sensitive payroll documents.

Recommended Self-Service Option

The GDPR legislation includes a best practice recommendation for businesses to provide individuals with a secure self-service platform offering remote access to information held. On a self-service system, employees would be able to remotely access payroll information including payslips, contact details, and employee documents such as employment contracts and handbooks. Employees may also be able to request leave and view their annual leave entitlements, including leave taken and leave remaining, which are also considered personal data.

According to the Information Commissioner's Office (ICO):

"The GDPR includes a best practice recommendation that, where possible, organisations should be able to provide remote access to a secure self-service system which would provide the individual with direct access to his or her information (Recital 63)."

The employee self-service portal should be password protected for every employee. Again, an identical or generic password must not be used for all employees. Each employee's password should be unique, chosen by the employee and confidential, offering maximum protection. Accessing payslips and personal contact details through a secure remote access system will provide flexibility and full transparency for employees to retrieve their information at any time.

A self-service portal offers significant benefits for payroll bureaus in complying with the GDPR legislation. Remote access will provide clients and their employees with direct access to their payroll information anywhere, anytime. Clients can log in 24/7 to view their employees' payslips, HR documents, amounts due to HMRC and other payroll reports.

Payroll bureaus also benefit as they can now automate the distribution of payslips and payroll reports. With some systems, payslips and payroll reports will be automatically available on the self-service portal as soon as the payroll has been finalised. This offers additional security against cyber attacks and eliminates email hacks that could occur when sending payslips or payroll reports by email. Additionally, a self-service option allows payroll bureaus to keep their data updated and accurate as employees can edit their contact information.

Payroll Data and GDPR Free Guide

What you need to know about consent, emailing payslips, and your legal obligation

Payroll bureaus are legally obliged to protect payroll information on behalf of their clients. The guide will uncover the ins and outs of the impact of GDPR on your payroll processing, highlighting the biggest areas of concern including emailing payslips, employee consent and your legal obligation.


Free CPD Webinar: GDPR for Payroll Bureaus

Payroll bureaus process large amounts of personal data, not least in relation to their customers, their customers’ employees, and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated. In this CPD accredited webinar, we will peel back the legislation to outline clearly:

  • What is GDPR and why is it being implemented?
  • Why employers need to take it seriously
  • How it will impact payroll bureaus
  • How to prepare for GDPR
  • How we are working to help you

