The Legislation
Whenever a data controller (e.g. a payroll bureau client) uses a data processor (e.g. payroll bureau) there needs to be a written contract in place.
The contract is important so that both parties understand their responsibilities and liabilities.
The GDPR sets out what needs to be included in the contract.
Controllers are liable for their compliance with the GDPR and must only appoint processors who can provide ‘sufficient guarantees’ that the requirements of the GDPR will be met and the rights of data subjects protected.
Processors must only act on the documented instructions of a controller. They will however have some direct responsibilities under the GDPR and may be subject to fines or other sanctions if they don’t comply.
Our Advice to Payroll Bureaus
Our advice to payroll bureaus is that when it comes to GDPR you should aim to take an active role in educating your clients about the new regulations.
Although the onus is on data controllers to ensure contracts are in place, payroll bureaus looking to get ahead of the GDPR would be well advised to approach their clients and instigate putting the appropriate contract in place.
What does this contract look like?
To comply with the new requirements under GDPR you could either:
Template Data Protection Agreement (DPA)
To assist our customers we have created a template Data Protection Agreement which can be used as an addendum to any existing agreements.
Data Protection Agreement - Download here
Please note: The material and information contained within this document is for general information purposes only. You should not rely upon the information as a basis for any business, legal or any other decisions. Bright takes no responsibilities, makes no representations or warranties of any kind, express or implied about the completeness, accuracy, reliability, suitability or availability with respect to the information contained in the document for any purpose. Any reliance you place on such material is therefore strictly at your own risk.
Need help? Support is available at 0345 9390019 or [email protected].