Aug 2018
20
BrightPay Connect is tailored to help you overcome some of the key challenges GDPR presents when processing payroll. The payroll itself is still processed on BrightPay’s desktop application; however, the payroll information is stored online on a secure cloud server. As the payroll information is stored online, it has allowed us to bring you even more benefits to help you with GDPR compliance.
With the GDPR, it is important to keep a copy of payroll files safe in case of fire, theft, damaged computers or cyber attacks. Essentially, BrightPay Connect is an automated cloud backup, keeping employees’ payroll data safe and secure. BrightPay Connect will automatically back up payroll data every 15 minutes when the payroll is open, and again when you close down the employer file. A chronological history of all backups will be maintained, which can be downloaded and restored at any time.
GDPR includes a recommendation to provide remote access to a secure system, which would provide employees with direct access to their personal data. With BrightPay Connect, employees can be invited to their own password-protected self-service portal. Employees can log in to the portal 24/7 on any device, including PCs, Macs, tablets and smartphones (essentially anywhere that they have access to an internet browser). There is also an employee smartphone app where employees can log in and get notifications directly to their device.
With BrightPay Connect, employees can access a payslip library where they can view and download all historic and current payslips. Employees can also access payroll documents such as P60s and P45s, HR documents (e.g. their contract of employment), personal data held by their employer and past and scheduled leave.
The right to rectification of personal data held is an important employee right under the GDPR. With the employee self-service portal, employees can update their basic personal details such as their phone number and postal address.
Data controllers and data processors must ensure that the personal data held is relevant and up-to-date. As employees can update their basic personal details on BrightPay Connect, this ensures that employers and payroll bureaus have the most accurate and current details on file for employees.
With the GDPR, data controllers must ensure that, by default, only personal data which is necessary for each specific purpose of the processing can be accessed. Therefore, payroll processors should only have access to the personal data that is strictly required for processing the payroll. This is referred to as data minimisation, or privacy by default. With BrightPay Connect, users can be set up so that they only have access to the information needed to complete their specific responsibilities. For example, there may be an HR manager who should not have access to employees’ payroll data, or a payroll processor who should not have access to employee documents or employees marked as confidential.
BrightPay Connect acts as an all-in-one central location to store all things employee related, including payroll, HR and other employment-related documents. Employers have the ability to upload documents that apply to all employees (e.g. company handbook), documents that are unique to individual employees (e.g. contract of employment), or even documents that are relevant to a particular department.
If you are a payroll bureau, you can invite your payroll clients to their own online employer dashboard on BrightPay Connect. This is a secure portal for client communications, eliminating the need to send documents with sensitive personal information by email. Clients can view employee payslips as soon as they have been finalised, run their own payroll reports and view amounts due to HMRC. Clients will also be able to upload employee timesheets and payments and approve the payroll through their employer portal (coming soon). This offers an additional layer of GDPR protection for clients’ payroll data.
Essentially, by introducing BrightPay Connect in your business, you will be taking steps to be GDPR compliant. Book a demo today to have a look at BrightPay Connect.
Aug 2018
16
From April 2021 the student loan repayment threshold will rise to £25,000 in Scotland. Before graduates start to pay back their loans they will have to earn at least £25,000. The First Minister announced this change along with plans to reduce the maximum repayment period for student loans by 5 years, from 35 years to 30 years.
Currently, the student loan repayment threshold is £18,330 for Student Loan Plan 1 for 2018-19. Student Loan Plan 1 is for pre-2012 loans; the threshold for 2017-18 was £17,775.
For Student Loan Plan 2, the current student loan repayment threshold is £21,000 for 2018-19. The student loan repayment threshold for postgraduate loans is also £21,000; these loans are due for repayment through the PAYE system from April 2019.
Aug 2018
3
Under Article 16 of the GDPR, individuals have the right to rectify data that is inaccurate about them. An individual may also be able to have incomplete personal data completed. Although you may have already taken steps to ensure that the personal data was accurate when you first obtained it, this right imposes a specific obligation to reconsider the accuracy upon request.
What do we need to do?
If you receive a request from an individual to rectify their personal data, you should take reasonable steps to ensure that the data is accurate and rectified if necessary. The reasonable steps taken will depend on the nature of the personal data and what it will be used for. The more important it is that the personal data is accurate, the greater the effort you should put into ensuring its accuracy and, if it is not accurate, taking steps to rectify it.
When is data inaccurate?
The GDPR does not give a definition of the term accuracy. However, it states that personal data is inaccurate if it is incorrect or misleading in any way. It is the data controller's responsibility to ensure the personal data they manage is accurate and up-to-date.
Can we refuse to comply with the request for rectification for other reasons?
You can refuse to comply with a request for rectification if the request is excessive or manifestly unfounded, taking into account whether the request is repetitive in nature. There are two things you can do if you consider that a request is excessive or manifestly unfounded:
1. Request a “reasonable fee” to deal with the request
2. Refuse to deal with the request
You will need to justify your decision in either case. The reasonable fee should be based on the administrative costs of complying with the request. If you decide to charge a fee, it is advised that you contact the individual within one month. You do not need to comply with the request until you have received the fee.
In most cases, you cannot charge a fee to comply with a request for rectification. However, as noted above, if the request has been excessive or manifestly unfounded you may charge a reasonable fee to cover the administrative costs.
Aug 2018
1
Our GDPR experts have put together a list of some of the frequently asked questions that we have been asked by our customers regarding the General Data Protection Regulation. Additionally, the legislation states that whenever a data controller (e.g. business / employer) uses a data processor (e.g. payroll bureau) there needs to be a written contract or Data Processor Agreement in place.
This FREE webinar will look at what’s new in GDPR, how it may affect your business and what we have learned from the GDPR 5 months on. We will also have a look at how BrightPay can help your organisation utilise the new regulation to benefit you, your customers, suppliers and employees. The webinar will include a demo of how our new timesheet upload feature can save you time and help you work towards GDPR compliance.
One of the main principles of the GDPR is that data shall be processed lawfully, fairly and in a transparent manner. These three elements overlap and all three must be satisfied in order to demonstrate compliance. The GDPR stipulates that anywhere personal data is being collected, either directly or indirectly, Privacy Notices should be in place.
Individuals have gained the ‘right to erasure’, commonly known as the ‘right to be forgotten’. This new right came into force with the implementation of the GDPR. It essentially allows individuals to request erasure of their personal details verbally or in writing.
Our optional add-on, BrightPay Connect, is an online payroll and HR self-service tool that offers significant benefits to help your business or practice comply with the GDPR legislation. Accountants, employers and employees can instantly access their payroll information, enabling many routine payroll and HR-related tasks to be automated. BrightPay Connect significantly increases the efficiency and effectiveness of payroll work within the remit of the GDPR guidelines.
By law, employers must provide employees with payslips which include personal data such as proof of earnings, tax paid and any pension contributions. It is advisable that businesses take steps to protect and securely send this payslip information.