When it comes to being GDPR-compliant in a payroll bureau, you might think that you only need to password-protect all the payroll reports and payslips. Although nothing in the GDPR legislation states that it is no longer permissible to email payslips, that doesn’t mean you can email payslips without protecting the information you send. There is a strict process that needs to be followed.
If you choose to email payslips, you need to ensure that they are all password-protected and sent directly to the employee’s chosen email address. It is very important that a unique password is used for each employee, as using the same password for all employees could be considered a breach of GDPR. Once they are sent, the payslips need to be deleted from the server of your payroll software provider.
But sharing the information securely is not the only thing that you need to do to make sure that you are GDPR compliant. Making sure you put all the necessary steps in place to avoid cyber attacks, keeping secure copies of the data in case of theft, fire or damage to the computers and providing employees with a way to easily update the information their employer holds about them are other important GDPR requirements.
Putting a system in place that takes into account all these requirements can be time-consuming. Instead, secure portals can simplify the payroll process and offer the most secure environment to protect the employees’ information. Secure portals offer the maximum level of security and compliance with GDPR and make the payroll process much easier since they automate payslip distribution and eliminate the need to email payroll reports each pay period.
Besides the ability to securely send and store payslips and other sensitive payroll documents, self-service portals also have other advantages such as providing employers and employees with an easy way of remotely accessing information. Additionally, self-service portals make it easy for employees to request leave, keep track of their personal information and update it when necessary, and they also keep a secure backup of all the payroll records.
Avoiding cyber threats… and fines!
Self-service portals do not only make GDPR processes much easier, they also eliminate the risk of being fined up to €20 million or 4% of annual turnover of the previous year, whichever is higher. BrightPay Connect automatically backs up payroll data every 15 minutes when the payroll is open, and again when you close down the employer file. All the backups are available to be downloaded and restored if necessary.
This means that the portal always keeps a secure copy of the payroll files in the cloud, protecting the data in case of cyber attacks and making it possible to restore it should something happen to the physical equipment, such as any damage to the computers.
GDPR specifies that individuals have a right to have inaccurate personal data rectified, or completed if necessary. The BrightPay Connect portal makes all the personal data held by their employer visible to the employee, who can easily edit approve leave requests and update contact details for employees.
When the employee information is incomplete or inaccurate, for instance, should their phone number or postal address change, employees can easily update their details from the portal, which they can access 24/7 from any device, such as PCs, Macs, tablets or even their smartphones via the employee smartphone app.
Limited access to data
To be GDPR compliant, all the payslip information should be available only to payroll processors, and only when it is strictly necessary for processing the payroll. With BrightPay Connect, users can be set up so that they only have access to the information needed to complete their assigned tasks.