Navigating GDPR payroll obligations

9th Mar 2020

It doesn’t matter where your company is based when it comes to GDPR compliance. If a company employs EU individuals, then GDPR applies to it, and this article explains how KeyPay can help you manage your clients’ employee GDPR obligations.

When it comes to data, GDPR gives the EU individual:

  1. The right to request their personal data 

  2. The ‘right to be forgotten’

Requesting personal data

From a payroll perspective, this means that a client’s employee can at any stage (either during or after employment) request their personal information from their employer.

Rather than scrambling and hustling to find every component, employers can simply download the employee data into a zip file and, hey presto, you’ve got all the employee records in one place including:

  • employee details

  • name

  • date of birth

  • start date

  • address etc.

  • as well as any associated documents including:

    • leave requests

    • expense requests and timesheets

    • photos captured from clocking in/out of shifts

    • employee profile pictures and

    • payslips

The right to be forgotten

Similarly, EU individuals have the right to be forgotten. But simply deleting employee data might mess with your payroll reporting and payroll information, and there is a requirement for businesses to retain employee data for 3 years, after which the EU individual can request deletion.

KeyPay has factored that all in and built an ‘anonymising employee data’ function, which is only available for terminated employees and should be used with extreme caution. Essentially, it allows bureaux to comply with the GDPR regulations, but also with local legislation: the record is not fully deleted, but instead any personally identifiable information is anonymised, making it impossible to identify the employee. All non-core payroll information (such as timesheet notes, photos captured from clocking in/out of shifts, etc.) will be deleted. It’s important to remember that you cannot recover anonymised data.

If you consider the number of EU individuals in clients’ businesses, then GDPR compliance should not be forgotten. KeyPay is just making your working life a whole lot easier.

For bureaux, this makes compliance simple and easy: rather than having to manually remove data or de-identify information, everything can be handled in one click, saving an enormous amount of time spent de-identifying employees.

Other ways KeyPay helps with GDPR security

When sending email notifications out for payslips, Automatic Enrolment notices or reports, bureaux can also force employees and client managers to log into the system before they can see sensitive information, thus providing another layer of GDPR security.

For a full step by step on performing these functions, check out our comprehensive guide to downloading and anonymising employee data here.

Want to find out more about how KeyPay can simplify your clients’ GDPR obligations? Try KeyPay - 30 days free.