Nov 2018

11

Data Protection complaints increase since introduction of GDPR

Nearly 7 months since the General Data Protection Regulation (GDPR) was introduced across all of Europe, complaints around Data Protection have nearly doubled in the UK and are up by nearly two-thirds in Ireland.


GDPR was designed to give Data Subjects more control over their personal data, with more transparency and the threat of larger fines to those in breach of the new rules. The GDPR requires any company that suffers a data breach to notify its users/data subjects within 72 hours of the breach being discovered.


• Graham Doyle, head of communications at Ireland’s Data Protection Commission (DPC), has said that ‘there has been a significant increase in the volumes of both breaches and complaints to the DPC since May 25th.’ Since GDPR enforcement began, the DPC has seen monthly data breach reports double, while data protection complaints increased by 65%.

• Data protection complaints to the UK’s Information Commissioner’s Office (ICO) rose to 4214 in July compared to just 2310 complaints received in May before the GDPR came into force. A spokesperson for the ICO said the increase was expected, as more users became aware of data protection because of publicity around the new rules and following a series of high-profile data scandals involving big technology firms.


Experts note, however, that the increase does not mean that the number of data breaches has suddenly gone up, but rather reflects the full scale of the data breach problem becoming better known.

Organisations that fail to comply with GDPR can face fines of up to 4% of annual global revenue or €20 million, whichever is greater. So far none of the EU’s Data Protection Agencies has issued any fines. Graham Doyle at the DPC said ‘It is too soon to expect to see any fines levied against organizations that have violated GDPR – given it’s only 3 months after it went into full effect.’

 

 

 


Thesaurus & BrightPay Newsletter - Are you missing out?

We will not be able to email you about webinar events, special offers, legislation changes, other group products and payroll related news without you subscribing to our newsletter. You will be able to unsubscribe at any time. Don’t miss out - sign up to our newsletter today!

 


Posted by Jennie Hussey in GDPR, General Data Protection Regulation


Jul 2018

2

GDPR and Payroll Processing: Do I need consent from my client’s employees?

Businesses must provide their employees with information on what happens to their data, for example sharing employees’ personal data with a payroll bureau that processes the payroll. Employee personal data can be stored and managed by a payroll bureau, bookkeeper or accountant for the sole benefit of correctly paying their wages, paying the correct tax and providing a payslip. All of this legitimately falls under the remit of the GDPR legislation.

Employee Consent

Many bureaus have expressed concern and confusion in relation to getting consent from clients’ employees and securely distributing payslips. Payroll bureaus do not need to seek consent from individual employees that the payroll is processed for. However, the employer will need to inform their employees that they are sharing their personal information with a third party.

An employee cannot withdraw their consent for their personal data to be used as part of the payroll processing. It should be noted that bureaus should keep only the personal data that is strictly required for the purpose of the payroll. This is referred to as data minimisation or privacy by default.

GDPR Webinars

BrightPay is running free webinars to help you with what you need to know about GDPR. These webinars are free to attend for both payroll bureaus and employers. Places are limited - book your place now.

  • Payroll Data & GDPR - What you need to know (4th July)
    This webinar will look at the biggest areas of concern including emailing payslips, employee consent and your legal obligation. We will also look at some important steps to achieve GDPR compliance. Click here to book your place now.
  • GDPR - 3 Months On (20th September)
    This webinar will look at what we have learned from the GDPR 3 months on and how we can help your organisation utilise the new regulations for the benefit of you, your customers, suppliers and employees. This webinar will also include a guest speaker from the Data Protection Commissioner’s office. Click here to book your place now.


Posted by Rachel Hynes in GDPR, General Data Protection Regulation


May 2018

2

GDPR - What do you need to know?

Free GDPR Webinars for Employers & Payroll Bureaus

Employers process large amounts of personal data, not least in relation to their customers and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated. Join us for our free webinar where we will discuss what GDPR is, why employers need to take it seriously and how you can prepare for the 25th May deadline.

Employer Webinar | Bureau Webinar

How can Thesaurus Connect help with GDPR?

Under the GDPR legislation, where possible the controller should be able to provide self-service remote access to a secure system which would provide the data subject with direct access to his or her personal data. Thesaurus Connect is a self-service option which will give employees online remote access to view their payroll information 24/7.

Find out more | Book a demo

Free Guide: GDPR & The Future of Payroll

The guide will uncover the ins and outs of the impact of GDPR on your payroll processing, highlighting the biggest areas of concern including emailing payslips, employee consent and your legal obligation.

Download guide

Data Processor Agreement - Free Template

Whenever a data controller (e.g. a payroll bureau client) uses a data processor (e.g. payroll bureau) there needs to be a written contract in place. The contract is important so that both parties understand their responsibilities and liabilities. To assist our customers, we have created a template Data Protection Agreement which can be used by data processors as an addendum to any existing agreements.

Download Data Protection Agreement

GDPR Employee Privacy Policies

GDPR requires employers to give information to their workforce, setting out in particular the personal data (employee information) the employer holds about them, how it is used, and with whom the information is shared. The information required is more detailed than is currently required under existing data protection laws. Employers need to ensure that their employee privacy notices accurately reflect how they process employee data and are in line with GDPR requirements. GDPR compliant employee policies are available through the Bright Contracts software.

Find out more | Book a Demo

Thesaurus Newsletter - Are you missing out?

GDPR is changing how we communicate with you. After May 2018, we will not be able to email you about webinar events, special offers, legislation changes, other group products and payroll related news without you subscribing to our newsletter. You will be able to unsubscribe at any time. Don’t miss out - sign up to our newsletter today!

Subscribe now


Posted by Rachel Hynes in GDPR, General Data Protection Regulation


Apr 2018

10

How will GDPR affect your employee processing?

The General Data Protection Regulation (GDPR) will come into force on 25th May 2018, changing the way we process data forever. The aim of the GDPR is to put greater protection on the way personal data is being processed for all EU citizens. Personal data can be anything from a name, an email address, PPS number, bank details, etc., so as you can imagine, employers process a huge amount of personal data on a daily basis. So how will the GDPR affect employers in terms of processing employee data?

Consent

Data in the employment context will include information obtained from an employee during the recruitment process (regardless of whether or not they eventually got the job); it will also include the information you hold on current employees and previous employees. All this information may be saved in hard copy personnel files, held on HR systems or it could be information contained in emails or information obtained through employee monitoring.

Under GDPR your employees will have increased rights around their data. These rights will include:

  • The Right to Access. It’s not a new concept that employees will be able to request access to the data you hold on them. However, there is a new recommendation that where possible employers should provide their employees with access to a secure self-service login where they can view data stored on them. This backs up the whole concept of transparency and ease of access to data, which underpins the new Regulations.
  • The Right to Rectification. Individuals are entitled to have personal data rectified if it is inaccurate or incomplete. This is an existing right and the onus is on the employer to ensure that employee records are kept up-to-date. To help maintain up-to-date records, employers should make it easier for employees to update their data.
  • The Right to be Informed. Employers must be very transparent with employees about what data they hold, why, and how long it is held for. Up until now it has been common practice for many employers to include a standard clause in the employment contract regarding the processing of HR data; under GDPR that will no longer be sufficient. Employers need to be reviewing their Employee Data Protection Policies and possibly writing new Employee Privacy Policies that go into detail on the processing of employee data.

 

Employee Self Service

Under the GDPR legislation, where possible employers should be able to provide self-service remote access to a secure system which would allow employees to view and manage their personal data online 24/7. Furthermore, the cloud functionality will improve your payroll processing with simple email distribution, safe document upload, easy leave management and improved communication with your employees. By introducing a self-service option, you will be taking steps to be GDPR ready.


Posted by Laura Murphy in Employee Records, Employee Self Service, GDPR, General Data Protection Regulation


Mar 2018

23

Template Data Processor Agreement Now Available

Those of you who were on any of our recent GDPR webinars will be aware that data controllers (e.g. a payroll bureau client) need to be amending their contracts with any data processors (e.g. the payroll bureau) to accommodate the new requirements under the GDPR.

For those of you who did not get to attend our webinars, here is a brief overview.

The Legislation

Whenever a data controller uses a data processor there needs to be a written contract in place. The contract is important so that both parties understand their responsibilities and liabilities. The GDPR sets out certain information which needs to be included in the contract.

Controllers are liable for their compliance with the GDPR and must only appoint processors who can provide ‘sufficient guarantees’ that the requirements of the GDPR will be met and the rights of data subjects (an individual who is the subject of personal data) protected.

Processors must only act on the documented instructions of a controller. They will however have some direct responsibilities under the GDPR and may be subject to fines or other sanctions if they don’t comply.

What does this contract look like?

To comply with the new requirements under GDPR you could either:

  1. Draft new Terms of Service / EULAs / Engagement Letters for each client to include the new GDPR requirements.
  2. Where you have an existing contract in place, you could issue an Addendum to this contract covering the new GDPR requirements; this is commonly known as a Data Protection Agreement (DPA).

Our Advice to Payroll Bureaus

Our advice to payroll bureaus is that when it comes to GDPR you should aim to take an active role in educating your clients about GDPR.

Although the onus is on data controllers to ensure contracts are in place, payroll bureaus looking to get ahead of the GDPR would be well advised to approach their clients and instigate putting the appropriate contracts in place.

Template Data Protection Agreement (DPA)

To assist our customers we have created a template Data Protection Agreement which can be used as an addendum to any existing agreements.

Template Data Protection Agreement

Posted by Laura Murphy in GDPR, General Data Protection Regulation


Mar 2018

22

How Thesaurus Connect can help with GDPR

Under the GDPR legislation, where possible the controller should be able to provide self-service remote access to a secure system which would provide the data subject with direct access to his or her personal data. Thesaurus Connect is a self-service option which will give you and your employees online remote access to view and manage your payroll data 24/7.

Thesaurus Connect is tailored to help you overcome the challenge that GDPR presents. Furthermore, the cloud functionality will improve your payroll processing with simple email distribution, safe document upload, easy leave management and improved communication with your employees.

Online synchronisation and backup of payroll data will maintain accuracy and improve efficiency. By introducing a self-service option, employers can begin a new way of remotely accessing information and start taking steps to be GDPR ready. Additionally, a self-service facility will automate payslip distribution, simplify and integrate leave requests and keep a secure and chronological backup of your payroll records.

 

Simplify your GDPR compliance with Thesaurus Connect

The option of Thesaurus Connect will keep your employee payroll data secure and offers your employees the added reassurance that you are taking action to become GDPR ready. The advantages of a cloud backup and self-service software are numerous, but mainly it significantly increases the efficiency and effectiveness of payroll work.

Workflow is improved since employers are no longer wasting time on manual data processing and therefore are working quicker and more securely within the remit of the GDPR guidelines. Thesaurus Connect is an online payroll and HR software solution that has been developed to help our customers become GDPR ready. It removes the manual data entry requirement for annual leave management, updating employees’ details, re-sending payslips, backing up your data and HR processing.


Here are the biggest GDPR advantages of Thesaurus Connect:

 

Accountant / Employer Dashboard

Payroll bureaus and accountants have instant access to an online self-service to view clients’ payroll information. Employers can invite their accountant to access their payroll information. Through the accountant / employer online dashboard, you can have remote and secure access to employee payslips, payroll reports, amounts due to HMRC, annual leave requests and employee contact details.

 

Employee Self Service Portal

Invite employees to their own self-service online portal. This secure system would provide employees with direct access to their personal data. Employees can securely view and download payslips, P60s and P45s and easily submit holiday requests, view leave taken and leave remaining.

 

Integration with payroll

Thesaurus Connect is fully integrated with Thesaurus’s payroll software, ensuring the payroll data is correct at all times. Any annual leave or other leave, changes to employee contact details and payroll reports are updated and synchronised with the payroll software and Thesaurus Connect.

 

Cloud Backup

Under GDPR, it is important to keep a copy of payroll files safe in case of fire, theft, damaged computers or cyber attacks. Thesaurus Connect is powered using the latest web technologies and hosted on Microsoft Azure for ultimate performance, reliability and scalability. Thesaurus Connect maintains a chronological history of your backups which you can restore or download at any time, keeping your records protected.

 

24/7 Online Access

Thesaurus Connect allows password-protected mobile and online access to your payroll data anytime and anywhere. This fulfils the GDPR recommendation to provide remote access to a secure system where your employees would have direct access to their personal data.

 

HR & Annual Leave Management

Employers can view all upcoming leave in the Thesaurus Connect company-wide calendar, where they can easily authorise leave requests with changes automatically flowing back to the payroll. You can upload sensitive HR documents such as employee contracts, keeping confidential information restricted to each individual employee.

 

Reduce HR Queries

Thesaurus Connect makes it possible to drastically reduce the number of HR queries you deal with such as access to view personal data, payslip requests, annual leave requests, managing employee contact information and employee payroll records.

 

TimeSheet Upload (Coming Soon)

You will soon be able to upload employees’ hours and timesheets directly through the Thesaurus Connect portal. The upload facility offers an additional layer of protection for your payroll information. From there, you can process the payroll from the timesheet upload. This automated process will offer a more secure and accurate recording of the timesheets and hours.

 

Book a Thesaurus Demo

Cloud advancements enable an interactive collaborative experience for your accountants, employers and employees. Thesaurus Connect speeds up and transforms the accountant / employer relationship from a document exchange or transactional relationship to an instant access one. Book a demo today to see just how Thesaurus Connect can help towards GDPR compliance.

 

Free GDPR Webinars: What does GDPR mean for your business?

Payroll Bureaus and employers process large amounts of personal data, not least in relation to their customers and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated. In this webinar, we will peel back the legislation to outline clearly:

Agenda

  • What is GDPR and why is it being implemented?
  • Why employers need to take it seriously
  • How to prepare for GDPR
  • How we are working to help you

Bureau CPD Webinar | Employer Webinar

 


Thesaurus Newsletter - Are you missing out?

GDPR is changing how we communicate with you. After May 2018, we will not be able to email you about webinar events, special offers, legislation changes, other group products and payroll related news without you subscribing to our newsletter. You will be able to unsubscribe at any time. Don’t miss out - sign up to our newsletter today!

Subscribe now

Posted by Karen Bennett in GDPR, General Data Protection Regulation