Navigating GDPR payroll obligations
It doesn’t matter where your company is based when it comes to GDPR compliance. If a company employs EU individuals, then GDPR applies to them and this article is worth a read about how KeyPay can help you manage your clients’ employee GDPR obligations.
When it comes to data, GDPR gives the EU individual:
The right to request their personal data
The ‘right to be forgotten’
Requesting personal data
From a payroll perspective, this means that client employee can at any stage, (either during or after employment) request their personal information from their employer.
Rather than scrambling and hustling to find every component, employers can simply download the employee data into a zip file and, hey presto, you’ve got all the employee records in one place including:
date of birth
as well as any associated documents including:
expense requests and timesheets
photos captured from clocking in/out of shifts
employee profile pictures and
The right to be forgotten
Similarly, EU individuals have the right to be forgotten… But simply deleting employee data might mess with your payroll reporting and payroll information, and there is a requirement for businesses to retain employee data for 3 years after which the EU individual can request deletion.
KeyPay has factored that all in and built an ‘anonymising employee data’ function, which is only available for terminated employees and should be used with extreme caution. Essentially, it allows bureaux to comply with the GDPR regulations, but also with local legislation – it’s not fully deleted, but instead, any personally identifiable information is anonymised, making it impossible to identify the employee. All non-core payroll information (such as timesheet notes, photos captured from clocking in/out of shifts etc) will be deleted. It’s important to remember that you cannot recover anonymised data
If you consider the number of EU individuals in clients’ businesses, then GDPR compliance should not be forgotten. KeyPay is just making your working life a whole lot easier.
For bureaux, this makes compliance simple and easy rather than having to manually remove data or de-identify information everything can be handled in one-click saving an enormous amount of time spent de-identifying employees.
Other ways KeyPay helps with GDRP security
When sending email notifications out for payslips, Automatic Enrolment notices or reports, bureaus can also force employees and client managers to log into the system before they can see sensitive information, thus providing another layer of GDPR security.
For a full step by step on performing these functions, check out our comprehensive guide to downloading and anonymising employee data here.
Want to find out more about how KeyPay can simplify your clients’ GDPR obligations? Try KeyPay - 30 days free.
You might also be interested in
KeyPay is the first true cloud-based platform to hit the UK bureau market, designed to eliminate the traditional payroll headaches of employee onboarding, data collection, payslip distribution, HMRC and pension fund compliance. In a single system, KeyPay automates the flow of data from employees across rotas, timesheets, leave management, and...