HMRC have advised that they are having intermittent issues and delays with RTI submissions and responses. Work is urgently being carried out to fix the issue.

NOTE: You are viewing documentation for a previous tax year version of BrightPay. Click here to view the documentation for the current 2024/25 tax year version.

Data Processor Agreement

The Legislation

Whenever a data controller (e.g. a payroll bureau client) uses a data processor (e.g. payroll bureau) there needs to be a written contract in place.

The contract is important so that both parties understand their responsibilities and liabilities.

The GDPR sets out what needs to be included in the contract.

Controllers are liable for their compliance with the GDPR and must only appoint processors who can provide ‘sufficient guarantees’ that the requirements of the GDPR will be met and the rights of data subjects protected.

Processors must only act on the documented instructions of a controller. They will however have some direct responsibilities under the GDPR and may be subject to fines or other sanctions if they don’t comply.

Our Advice to Payroll Bureaus

Our advice to payroll bureaus is that when it comes to GDPR you should aim to take an active role in educating your clients about the new regulations.

Although the onus is on data controllers to ensure contracts are in place, payroll bureaus looking to get ahead of the GDPR would be well advised to approach their clients and instigate putting the appropriate contract in place.

What does this contract look like?

To comply with the new requirements under GDPR you could either:

  1. Draft new Terms of Service / EULAs / Engagement Letters for each client to include the new GDPR requirements
  2. Where you have an existing contract in place you could issue an addendum to this contract covering the new GDPR requirements, this is commonly known as a Data Protection Agreement (DPA).

Template Data Protection Agreement (DPA)

To assist our customers we have created a template Data Protection Agreement which can be used as an addendum to any existing agreements.

Data Protection Agreement - Download here

 

Please note: The material and information contained within this document is for general information purposes only. You should not rely upon the information as a basis for any business, legal or any other decisions. Thesaurus Software takes no responsibilities, makes no representations or warranties of any kind, express or implied about the completeness, accuracy, reliability, suitability or availability with respect to the information contained in the document for any purpose. Any reliance you place on such material is therefore strictly at your own risk.

Need help? Support is available at 0345 9390019 or [email protected].

Important Information for Mac UsersBureau Enhancements - Additional Functionality Bureau Licence Holders (Only)Installing BrightPayOrdering for The New Tax YearImporting From The Previous Tax YearMoving to BrightPay from another payroll softwareEmployer DetailsEmployee DetailsProcessing PayrollPayroll CalendarPayslip TranslationsMaking Corrections to PayrollPre-paying an EmployeeScheduling Future PaymentsSwitching an Employee's Pay FrequencyRTICommon HMRC Error MessagesHMRC PaymentsAnalysisGender Pay Gap ReportingPayroll JournalsStartersLeaversStudent Loan DeductionsStatutory PaymentsPensionsAttachment of EarningsExpenses & BenefitsPayroll GivingDirectorsEmployee CalendarEmployer CalendarHolidaysTaxScottish Rate of Income Tax (SRIT)National InsuranceEmployment AllowanceApprenticeship LevyNational Minimum/Living WageOff-Payroll Working in the Public SectorRates & Thresholds at a GlanceMileage Allowance Payments (MAPs)Year EndBacking Up/Restoring Your PayrollConstruction Industry Scheme (CIS)Automatic EnrolmentBrightPay ConnectGDPR