Businesses must provide their employees with information on what happens to their data, for example sharing employee’s personal data with a payroll bureau who processes the payroll. Employee personal data can be stored and managed by a payroll bureau, bookkeeper or accountant for the sole benefit of correctly paying their wages, paying the correct tax and providing a payslip. All of this legitimately falls under the remit of the GDPR legislation.
Many bureaus have expressed concern and confusion in relation to getting consent from client’s employees and securely distributing payslips. Payroll bureaus do not need to seek consent from individual employees that the payroll is processed for. However, the employer will need to inform their employees that they are sharing their personal information with a third party.
An employee cannot withdraw their consent for their personal data to be used as part of the payroll processing. It should be noted that bureaus should keep only the personal data that is strictly required for the purpose of the payroll. This is referred to as data minimisation or privacy by default.
BrightPay is running free webinars to help you with what you need to know about GDPR. These webinars are free to attend for both payroll bureaus and employers. Places are limited - book your place now.