GDPR
In May 2018 the new GDPR became law in the UK. These new regulations focus on protecting personal data. It’s easy to think that organisations which only deal with other organisations (B2B) won’t be affected by the new regulations, but every employer is required to be compliant due to holding sensitive information about their employees.
A key area of GDPR compliance is data communication. We use a secure file repository, Sharefile, to transfer information between us and our clients. This not only keeps us compliant; clients who also use the facility are compliant as well with regard to data communication.
GDPR Principles
Transparency – You must process personal data lawfully, fairly and in a transparent manner in relation to the data subject.
Limitation – Data must only be used for a legitimate purpose and only kept for as long as necessary to complete that purpose.
Relevancy – Data must be relevant to the purpose it is being used for. For example, mobile number information is not required for payroll purposes and should therefore not be stored.
Accuracy – The data processor must take every reasonable step to ensure data is kept up to date, or removed if it is inaccurate or incomplete.
Storage – Data must be deleted when it is no longer needed, unless there are legal reasons for retaining it.
Integrity and confidentiality – Data must be stored securely and access control procedures must be in place.
As an employer, your organisation is automatically classed as a ‘Data Controller’ with respect to employee data. If you process your payrolls in-house, you are also a ‘Data Processor’. If you decide to outsource your payroll processing, the payroll bureau becomes the ‘Data Processor’ for employee payroll data.