NOTE: You are viewing documentation for a previous tax year version of BrightPay. Click here to view the documentation for the current 2024/25 tax year version.

Data Processor Agreement


The Legislation

Whenever a data controller (e.g. a payroll bureau client) uses a data processor (e.g. payroll bureau) there needs to be a written contract in place.

The contract is important so that both parties understand their responsibilities and liabilities.

The GDPR sets out what needs to be included in the contract.

Controllers are liable for their compliance with the GDPR and must only appoint processors who can provide ‘sufficient guarantees’ that the requirements of the GDPR will be met and the rights of data subjects protected.

Processors must only act on the documented instructions of a controller. They will however have some direct responsibilities under the GDPR and may be subject to fines or other sanctions if they don’t comply.



Our Advice to Payroll Bureaus

Our advice to payroll bureaus is that when it comes to GDPR you should aim to take an active role in educating your clients about the new regulations.

Although the onus is on data controllers to ensure contracts are in place, payroll bureaus looking to get ahead of the GDPR would be well advised to approach their clients and instigate putting the appropriate contract in place.



What does this contract look like?

To comply with the new requirements under GDPR you could either:

  1. Draft new Terms of Service / EULAs / Engagement Letters for each client to include the new GDPR requirements
  2. Where you have an existing contract in place you could issue an addendum to this contract covering the new GDPR requirements, this is commonly known as a Data Protection Agreement (DPA).



Template Data Protection Agreement (DPA)

To assist our customers we have created a template Data Protection Agreement which can be used as an addendum to any existing agreements.

Data Protection Agreement - Download here

 

Please note: The material and information contained within this document is for general information purposes only. You should not rely upon the information as a basis for any business, legal or any other decisions. Bright takes no responsibilities, makes no representations or warranties of any kind, express or implied about the completeness, accuracy, reliability, suitability or availability with respect to the information contained in the document for any purpose. Any reliance you place on such material is therefore strictly at your own risk.

Need help? Support is available at 0345 9390019 or [email protected].

23-24 BrightPay - System Requirements23-24 BrightPay - DownloadIntroduction to BrightPayImportant Information for Mac UsersStarting the New Tax YearImporting From The Previous Tax YearInstalling BrightPayMoving to BrightPay from another payroll softwareBureau Enhancements - Useful Functionality for Bureau Licence HoldersEmployer DetailsEmployee DetailsCoding NoticesPayroll CalendarProcessing PayrollImporting Pay Data using CSV FileDistributing PayslipsPaying EmployeesRTICommon HMRC Error MessagesAnalysisPayroll JournalsHMRC PaymentsMaking Corrections to PayrollScheduling Future PaymentsSwitching an Employee's Pay FrequencyDirectorsOff-Payroll Working (IR35)StartersLeaversStudent Loan DeductionsPostgraduate Loan DeductionsStatutory PaymentsAttachment of EarningsExpenses & BenefitsPensions (outside of Automatic Enrolment)Payroll GivingYear EndRates & Thresholds at a GlanceTaxNational InsuranceNational Minimum/Living WageMileage Allowance Payments (MAPs)Employment AllowanceApprenticeship LevyTermination Awards & Sporting TestimonialsGender Pay Gap ReportingLeave Reporting & Employee CalendarAnnual LeavePayslip TranslationsBacking Up/Restoring Your PayrollConstruction Industry Scheme (CIS)Automatic EnrolmentBrightPay ConnectGDPRBright Terms and Conditions and BrightPay End User Licence AgreementBright ID