15 May 2019

GDPR: One Year On

It’s been one year since the introduction of the GDPR, and employers and accountants are reviewing their systems, processes and procedures on an ongoing basis to ensure they are doing their best to avoid hefty non-compliance penalties.

Thesaurus Connect is tailored to help you overcome some of the key challenges GDPR presents when processing payroll. Although Thesaurus Payroll Manager is a desktop application, Thesaurus Connect enables users to store their payroll information in the cloud. Because the payroll information is stored online, it has allowed us to bring you even more functionality and benefits, enabling users to work quicker, more efficiently and more profitably within the scope of the GDPR guidelines.

GDPR Benefits of Thesaurus Connect

  • Secure Backup - Thesaurus Connect enables you to securely back up your payroll data to the cloud. With the GDPR, it is important to keep a copy of payroll files safe in case of fire, theft, damaged computers or cyber-attacks. Thesaurus Connect maintains a chronological history of all backups which can be restored or downloaded at any time, keeping your payroll records protected.

  • Self-Service Access - Under the GDPR legislation, where possible the controller should be able to provide self-service remote access to a secure system which would provide the data subject with direct access to his or her personal data. Since the payroll data is stored online, you can invite employees to their own password-protected self-service portal, which is accessible on any device. This fulfils the recommendation to provide remote access to a secure system where employees would have direct access to their personal data.

  • Reduce Confidential Emails - For payroll bureaus, clients can log in to the employer dashboard anytime and run their payroll reports. As soon as the payroll is finalised, any report that is saved in the payroll software will automatically be available to the client on Thesaurus Connect, eliminating the need to manually run the report and email it to the client. This reduces your workload while securely giving these sensitive payroll documents to the client through the online account. Similarly, payslips will also be available to the employer as soon as they have been finalised.

  • HR Documents - Employers can upload sensitive HR documents and confidential employee payroll information, again eliminating emails containing sensitive information. Employers can upload documents, resources and links for all employees (e.g. company handbook), individual employees (e.g. employment contract), departments (e.g. training documents) or they can choose to hide them from employees (e.g. performance reviews).

  • User Access - Thesaurus Connect has the ability to set up users with restricted access, complying with the GDPR’s privacy by default, which states that you should only have access to necessary information required to complete the task at hand. With Thesaurus Connect, you can restrict users from viewing employee documents, employees marked as confidential, financial information including payslips and payroll reports and whether or not they can approve employee requests. There is also the option to restrict users to individual departments.

  • Employee Personal Details - The employee can use the employee self-service to view personal information that is held in the payroll software, such as their postal address, phone number and emergency contact details. They can also update and amend these details through their self-service portal so that the employer has the most up-to-date and accurate information. This improves transparency with the employee and ensures that personal data is current and up-to-date, both of which are requirements by the GDPR.

  • Annual Leave Management - Thesaurus Connect allows employees to request leave through their self-service portal and view their annual leave calendar. Again, this improves transparency with the employee, reduces email communication containing sensitive information and ensures that you have the most up-to-date information.

Many businesses are looking for better ways to keep their employees' payroll data safe and secure. By introducing Thesaurus Connect, you will be taking steps to be GDPR compliant. Book a demo today to find out how Thesaurus Connect can help you with improving GDPR compliance.

Thesaurus Payroll Software | BrightPay Payroll Software

Posted by Rachel Hynes in Employee Self Service, GDPR


11 Nov 2018

Data Protection complaints increase since introduction of GDPR

Nearly 7 months since the General Data Protection Regulation (GDPR) was introduced across all of Europe, complaints around Data Protection have nearly doubled in the UK and are up by nearly two-thirds in Ireland.


GDPR was designed to give Data Subjects more control over their personal data, with more transparency and the threat of larger fines to those in breach of the new rules. The GDPR requires any company that suffers a data breach to notify its users/data subjects within 72 hours of the breach being discovered.


• Graham Doyle, head of communications at Ireland’s Data Protection Commission (DPC), has said that ‘there has been a significant increase in the volumes of both breaches and complaints to the DPC since May 25th.’ Since GDPR enforcement began, the DPC has seen monthly data breach reports double, while data protection complaints increased by 65%.

• Data protection complaints to the UK’s Information Commissioner’s Office (ICO) rose to 4214 in July compared to just 2310 complaints received in May before the GDPR came into force. A spokesperson for the ICO said the increase was expected, as more users became aware of data protection because of publicity around the new rules and following a series of high-profile data scandals involving big technology firms.


Experts note, however, that the increase does not mean that the number of data breaches has suddenly gone up, but rather reflects the full scale of the data breach problem becoming better known.

Organisations that fail to comply with GDPR can face fines of up to 4% of annual global revenue or €20 million, whichever is greater. So far none of the EU’s data protection agencies has issued any fines. Graham Doyle at the DPC said ‘It is too soon to expect to see any fines levied against organizations that have violated GDPR – given it’s only 3 months after it went into full effect.’

 

 

 


Thesaurus & BrightPay Newsletter - Are you missing out?

We will not be able to email you about webinar events, special offers, legislation changes, other group products and payroll related news without you subscribing to our newsletter. You will be able to unsubscribe at anytime. Don’t miss out - sign up to our newsletter today!

 


 

 

Posted by Jennie Hussey in GDPR, General Data Protection Regulation


14 Sep 2018

Data Protection Commissioner teams up with Thesaurus Software for free GDPR webinar

The introduction of the General Data Protection Regulation (GDPR) in May brought with it new and more stringent rules around the security of personal data and how it is processed.

 

The new legislation places increased responsibilities on all those parties that process personal data. All organisations, regardless of size, have had to comply with the GDPR. As part of their preparation for the GDPR, employers were required to introduce or update existing policies regarding personal data held.

 

Free Webinar: GDPR 3 Months On! (20th September @ 11.00 am)

Thesaurus Software is hosting a free GDPR webinar this September where we will have a guest speaker from the Data Protection Commissioner’s office. The webinar will be CPD accredited and free to attend.

In this webinar, we will look at what’s new in GDPR, how it may affect your business and what we have learned from the GDPR three months after its introduction. We will also discuss how Thesaurus Software can help your organisation utilise the new data protection regulations for the benefit of you, your customers, suppliers and employees.

 

Webinar Speakers

Laura Murphy - Laura is an experienced Human Resource professional with unique global experience. She has worked in-house and in external consultancy roles for SMEs, international organisations and public sector bodies across the UK and Ireland.

Jennie Hussey - Jennie is an experienced Employment Law Advisor with a demonstrated history of working in the HR and payroll industry.

Guest Speaker: Graham Doyle - We are pleased that Graham Doyle, Head of Communications from the Data Protection Commissioner’s office, will be joining us to discuss GDPR and the effect it is having on all businesses.

 

Places are limited - book your place now!



 

Posted by Rachel Hynes in GDPR


20 Aug 2018

Thesaurus Connect: The GDPR Survival Toolkit

Thesaurus Connect is tailored to help you overcome some of the key challenges GDPR presents when processing payroll. The payroll itself is still processed on Thesaurus Payroll Manager’s desktop application; however, the payroll information is stored online on a secure cloud server. As the payroll information is stored online, it has allowed us to bring you even more benefits to help you with GDPR compliance.

Secure Cloud Backup

With the GDPR, it is important to keep a copy of payroll files safe in case of fire, theft, damaged computers or cyber attacks. Essentially Thesaurus Connect is a secure cloud backup, keeping employees’ payroll data safe and secure. A chronological history of all payroll backups will be maintained which can be downloaded and restored at any time.

Self-Service Remote Access

GDPR includes a recommendation to provide remote access to a secure system, which would provide employees with direct access to their personal data. With Thesaurus Connect, employees can be invited to their own password-protected self-service portal. Employees can log in to the portal 24/7 on any device, including PCs, Macs, tablets and smartphones (essentially anywhere that they have access to an internet browser). There is also an employee smartphone app where employees can log in and get notifications directly to their device.

Password Protected Payslip Portal

With Thesaurus Connect, employees can access a payslip library where they can view and download all historic and current payslips. Employees can also access payroll documents such as P60s, HR documents such as their contract of employment, personal data held by their employer and past and scheduled leave.

Right to Rectification

The right to rectification of personal data held is an important employee right under the GDPR. With the employee self-service portal, employees can update their basic personal details such as their phone number and postal address.

Accurate Employee Records

Data controllers and data processors must ensure that the personal data held is relevant and up-to-date. As employees can update their basic personal details on Thesaurus Connect, this ensures that employers have access to the most accurate personal details for employees.

User Limitations and Restrictions

With the GDPR, data controllers must ensure that, by default, only personal data which is necessary for each specific purpose of the processing can be accessed. Therefore, payroll processors should only have access to the personal data that is strictly required for processing the payroll. This is referred to as data minimisation, or privacy by default. With Thesaurus Connect, users can be set up so that they only have access to the information needed to complete their specific responsibilities. For example, there may be a HR manager who should not have access to employees’ payroll data, or a payroll processor who should not have access to employee documents or employees marked as confidential.

Central Location for Employee Documents

Thesaurus Connect acts as an all-in-one central location to store all things employee related, including payroll, HR and other employment related documents. Employers have the ability to upload documents that apply to all employees (e.g. company handbook), documents that are unique to individual employees (e.g. contract of employment), or even documents that are relevant to a particular department.

Secure Document Exchange

If you are a payroll bureau, you can invite your payroll clients to their own online employer dashboard on Thesaurus Connect. This is a secure portal for client communications, eliminating the need to send documents with sensitive personal information by email. Clients can view employee payslips as soon as they have been finalised, run their own payroll reports and view amounts due to Revenue. This offers an additional layer of GDPR protection for clients’ payroll data.

Essentially, by introducing Thesaurus Connect in your business, you will be taking steps to be GDPR compliant. Book a demo today to have a look at Thesaurus Connect.


Posted by Rachel Hynes in Employee Self Service, GDPR


3 Aug 2018

GDPR & the right to rectification:

Under Article 16 of the GDPR, individuals have the right to rectify data that is inaccurate about them. An individual may also be able to have incomplete personal data completed. Although you may have already taken steps to ensure that the personal data was accurate when you first obtained it, this right imposes a specific obligation to reconsider the accuracy upon request.

 

What do we need to do?

If you receive a request from an individual to rectify their personal data, you should take reasonable steps to ensure that the data is accurate and rectified if necessary. The reasonable steps taken will depend on the nature of the personal data and what it will be used for. The more important it is that the personal data is accurate, the greater the effort you should put into ensuring it’s accurate and, if it is not, taking steps to rectify it.

 

When is data inaccurate?

The GDPR does not give a definition of the term accuracy. However, it states that personal data is inaccurate if it is incorrect or misleading in any way. It is the data controller's responsibility to ensure the personal data they manage is accurate and up-to-date.

 

Can we refuse to comply with the request for rectification for other reasons?

You can refuse to comply with a request for rectification if the request is excessive or manifestly unfounded, taking into account whether the request is repetitive in nature. There are two things you can do if you consider that a request is excessive or manifestly unfounded:

 

1) Request a “reasonable fee” to deal with the request
2) Refuse to deal with the request

 

You will need to justify your decision in either case. The reasonable fee should be based on the administrative costs of complying with the request. If you decide to charge a fee, it is advised that you contact the individual within one month. You do not need to comply with the request until you have received the fee.

 

In most cases, you cannot charge a fee to comply with a request for rectification. However, as noted above, if the request has been excessive or manifestly unfounded you may charge a reasonable fee to cover the administrative costs.

 

Related Articles:

GDPR & Payroll processing: Do I need consent from my client's employees?

BrightPay launch an employee payroll smartphone app.

GDPR: What you need to know

 


Posted by Holly McHugh in GDPR


2 Jul 2018

GDPR and Payroll Processing: Do I need consent from my client’s employees?

Businesses must provide their employees with information on what happens to their data, for example sharing employees’ personal data with a payroll bureau who processes the payroll. Employee personal data can be stored and managed by a payroll bureau, bookkeeper or accountant for the sole benefit of correctly paying their wages, paying the correct tax and providing a payslip. All of this legitimately falls under the remit of the GDPR legislation.

Employee Consent

Many bureaus have expressed concern and confusion in relation to getting consent from clients’ employees and securely distributing payslips. Payroll bureaus do not need to seek consent from individual employees that the payroll is processed for. However, the employer will need to inform their employees that they are sharing their personal information with a third party.

An employee cannot withdraw their consent for their personal data to be used as part of the payroll processing. It should be noted that bureaus should keep only the personal data that is strictly required for the purpose of the payroll. This is referred to as data minimisation or privacy by default.

GDPR Webinars

BrightPay is running free webinars to help you with what you need to know about GDPR. These webinars are free to attend for both payroll bureaus and employers. Places are limited - book your place now.

  • Payroll Data & GDPR - What you need to know (4th July)
    This webinar will look at the biggest areas of concern including emailing payslips, employee consent and your legal obligation. We will also look at some important steps to achieve GDPR compliance. Click here to book your place now.
  • GDPR - 3 Months On (20th September)
    This webinar will look at what we have learned from the GDPR 3 months on and how we can help your organisation utilise the new regulations for the benefit of you, your customers, suppliers and employees. This webinar will also include a guest speaker from the Data Protection Commissioner’s office. Click here to book your place now.


Posted by Rachel Hynes in GDPR, General Data Protection Regulation


8 Jun 2018

What happens if I don’t comply with GDPR?

The amount of data currently being processed by businesses was unforeseeable way back in the 1990s when the current Data Protection Regulation was drawn up. Officials recognised that the current rules just weren’t sufficient to handle the current digital era. An updated reform was agreed and GDPR was born.

From May 25th, the GDPR legislation was enforced by data regulators across Europe. As this deadline is passed, it is important to note that every business that stores and manages personal data will be affected by this change.

To help you with your GDPR preparation we’ve compiled a list of some of the most common questions that we get asked:

 

What is personal data?

Personal data is anything that allows a person to be identified. Some examples would be: name, address, IP address or photo.

 

What happens if I don’t comply with the GDPR?

One of the most talked about elements of the GDPR is the consequences for non-compliance. Companies that fail to comply can face fines of up to £20 million or 4% of turnover (whichever is greater).

 

Will the GDPR affect my business?

In short, yes. GDPR will affect every individual and organisation that holds or processes personal data from any individual in the EU.

 

Can I still email payslips?

Emailing payslips is still perfectly acceptable under the GDPR. However, it is important to consider the security of the payslip. Payroll software, like BrightPay & Thesaurus, will encrypt payslips and automatically delete payslips that are sent from our servers.

 

How can BrightPay/Thesaurus help?

Data Protection has always been a priority for BrightPay & Thesaurus. Like all companies, we’ve had to review how we handle data in preparation for the GDPR. Here is a list of resources we’ve put together to aid you on the voyage to becoming compliant with the GDPR:

 

1. Free GDPR webinars for payroll bureaus and employers
Join us for our free webinar where we will discuss what GDPR is and why employers need to take it seriously.


2. BrightPay & Thesaurus Connect

The GDPR states that where possible individuals should have access to a secure, self-service remote system which would provide direct access to their personal data. BrightPay Connect is a self-service option which will give employees online remote access to view their payroll information at any time.

 

3. Free GDPR and The Future of Payroll guide
This guide will specifically look at the impact of GDPR on your payroll processing and highlight the biggest areas of concern. We will walk through some important steps to achieve GDPR compliance.

 

4. Free template: Data Processor Agreement
Whenever a data controller (e.g. a payroll bureau client) uses a data processor (e.g. payroll bureau) there needs to be a written contract in place. The contract is important so that both parties understand their responsibilities and liabilities.

 


BrightPay Newsletter - Are you missing out?

GDPR is changing how we communicate with you. From May 2018, we will not be able to email you about webinar events, special offers, legislation changes, other group products and payroll related news without you subscribing to our newsletter. You will be able to unsubscribe at any time. Don’t miss out - sign up to our newsletter today!


 


 

Posted by Cailin Reilly in GDPR, Payroll Software


5 Jun 2018

Thesaurus Customer Update: June 2018

PAYE Modernisation: Understanding and implementing the new legislation

The way in which we communicate and send payroll information to Revenue is changing. The objective of PAYE Modernisation is to allow Revenue, employers and employees to access the most accurate, up-to-date information relating to pay and statutory payroll deductions. PAYE Modernisation will be effective from the 1st of January 2019 and will apply to all employers.

Bureau webinar | Employer webinar

Free Webinar: Payroll Data & GDPR - What you need to know

Employers must take steps to protect and securely manage employees’ personal data to comply with GDPR. Equally, where a business outsources their payroll to a third party (payroll bureau), they are legally obliged to provide assurances to safeguard the payroll information they manage on behalf of their clients. Places are limited.

Register here

PAYE Modernisation - The Facts

PAYE Modernisation is a mandatory payroll requirement that will be introduced from the 1st January 2019. It won’t change the way you calculate your PAYE information, it just means that you will need to send your data through to Revenue in real time. Every time you pay your employees (i.e. each pay period), you will need to submit PAYE information to Revenue, through an API link via your payroll software.

Read full article | Register for webinar

GDPR - What to include in your template Data Processor Agreement

Whenever a data controller uses a data processor there needs to be a written contract in place. The contract is important so that both parties understand their responsibilities and liabilities. The GDPR sets out certain information which needs to be included in the contract.

Find out more | Template Data Processor Agreement

Thesaurus Connect’s NEW Employee Smartphone App

Our employee self-service smartphone and tablet app is available with our cloud add-on Thesaurus Connect. The advancement of employee mobile apps offers many different advantages for employers, employees, and the business as a whole. For employers and HR Managers, the user-friendly portal will streamline payroll processing while reducing the number of payroll queries from employees.

Find out more | Book a demo

How has Thesaurus Software prepared for GDPR?

Data Protection has always been a concern for Thesaurus Software and we have always aimed to act with complete integrity in this regard. In preparation for GDPR, we have had to complete a total review of how we gather, maintain and use data. We have taken steps to securely protect our customers’ information including increased encryption, securely deleting files from our servers and updating our privacy policies in line with GDPR.

Key changes | Updated privacy policy

How Thesaurus Connect can help with GDPR!

Where possible the data controller should offer self-service remote access to a secure system providing individuals with access to their personal data. Thesaurus Connect is a self-service option which provides online access 24/7. Employees can view and download current and historic payslips, P45s and P60s. Annual leave can also be requested, which flows through as a notification for the employer to approve. Employee contact information can be edited and updated, keeping records accurate at all times. For payroll bureaus, clients can access payslips, a leave calendar, amounts due to Revenue and payroll reports.

Read more here | Book a demo

 


Posted by Karen Bennett in Customer Update, GDPR


24 May 2018

Free Webinar: How GDPR will affect my payroll processing

Payroll Data & GDPR - What you need to know about consent, emailing payslips, and your legal obligation.

Employers must take steps to protect and securely manage employees’ personal data to comply with GDPR. Equally, where a business outsources their payroll to a third party, they are legally obliged to provide assurances to safeguard the payroll information they manage on behalf of their clients.

Given recent cyber-attacks, an updated security process is definitely required to protect the personal data that we manage. GDPR is not a new concept; it is simply a data protection process that is being upgraded to protect all individuals. Essentially, GDPR is an overhaul of the way we process, manage and store individuals’ personal data.

This free webinar will uncover the ins and outs of the impact of GDPR on your payroll processing, highlighting the biggest areas of concern including emailing payslips, employee consent and your legal obligation. Places are limited, book early to avoid disappointment.

We will walk you through some important steps to achieve GDPR compliance by examining the following topics:

What does GDPR mean for your payroll processing?

  • Understanding GDPR 
  • The contract between accountants & clients
  • Template Data Processor Agreement 
  • Proof of compliance 
  • Securely storing employee data

Payslips & GDPR Compliance

  • Employee consent 
  • Emailing payslips 
  • Recommended self-service access

Breaching GDPR

  • Data breach plan of action 
  • Non-compliance and penalties

How we are preparing for GDPR

  • Self Service Add on - Connect - online portal 
  • Enhanced security measures

Register here

 


Posted by Karen Bennett in GDPR


2 May 2018

GDPR - What do you need to know?

Free GDPR Webinars for Employers & Payroll Bureaus

Employers process large amounts of personal data, not least in relation to their customers and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated. Join us for our free webinar where we will discuss what GDPR is, why employers need to take it seriously and how you can prepare for the 25th May deadline.

Employer Webinar | Bureau Webinar

How can Thesaurus Connect help with GDPR?

Under the GDPR legislation, where possible the controller should be able to provide self-service remote access to a secure system which would provide the data subject with direct access to his or her personal data. Thesaurus Connect is a self-service option which will give employees online remote access to view their payroll information 24/7.

Find out more | Book a demo

Free Guide: GDPR & The Future of Payroll

The guide will uncover the ins and outs of the impact of GDPR on your payroll processing, highlighting the biggest areas of concern including emailing payslips, employee consent and your legal obligation.

Download guide

Data Processor Agreement - Free Template

Whenever a data controller (e.g. a payroll bureau client) uses a data processor (e.g. payroll bureau) there needs to be a written contract in place. The contract is important so that both parties understand their responsibilities and liabilities. To assist our customers, we have created a template Data Protection Agreement which can be used by data processors as an addendum to any existing agreements.

Download Data Protection Agreement

GDPR Employee Privacy Policies

GDPR requires employers to give information to their workforce, setting out in particular the personal data (employee information) the employer holds about them, how it is used, and with whom the information is shared. The information required is more detailed than is currently required under existing data protection laws. Employers need to ensure that their employee privacy notices accurately reflect how they process employee data and are in line with GDPR requirements. GDPR compliant employee policies are available through the Bright Contracts software.

Find out more | Book a Demo

Thesaurus Newsletter - Are you missing out?

GDPR is changing how we communicate with you. After May 2018, we will not be able to email you about webinar events, special offers, legislation changes, other group products and payroll related news without you subscribing to our newsletter. You will be able to unsubscribe at any time. Don’t miss out - sign up to our newsletter today!

Subscribe now


Posted by Rachel Hynes in GDPR, General Data Protection Regulation