4 Quick GDPR wins for HR & Payroll Personnel
As we mark the four-year anniversary of the introduction of the GDPR, now is a good time to assess your current data practices. The General Data Protection Regulation (GDPR) has increased the obligations on companies to keep their employees' and clients' data safe. With that in mind we have detailed 4 quick GDPR wins that HR & payroll personnel can act on now. These are quick wins/tips that you should consider as they could help you with your GDPR compliance.
1. Store your payroll data in one location
The first of our 4 quick GDPR wins for HR & payroll personnel is: stop duplicating your data. Store it in one location and, if you need to share it with your team, share only a link to the location of the stored data. Most people unwittingly duplicate data. For example, saving a document to your personal work drive and then emailing the same document to a team member creates a second copy that now sits in two mailboxes and a drive. Every copy is another place that must be secured, found when an employee makes a subject access request, and erased when the retention period ends, so duplication is a form of poor data management whose consequences are greater under the GDPR.
2. Delete unnecessary data
Have you come across data that you don't use or need to retain? Do you hold outdated, unnecessary data relating to an individual that you don't need and shouldn't retain? If so, consider deleting it. The GDPR's storage limitation principle (Article 5(1)(e)) requires that personal data is kept in identifiable form for no longer than the purpose needs, and retaining stale data also makes other obligations more onerous. One example is the "Right of access by the data subject": responding to a request will be time consuming if you hold more data than necessary, because, in addition to providing a copy of the personal data, Article 15 of the GDPR requires you to provide the following information:
(a) the purposes of the processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
(d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
(f) the right to lodge a complaint with a supervisory authority;
(g) where the personal data are not collected from the data subject, any available information as to their source;
(h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
(source: Article 15 europa.eu)
Additionally, it is important to review your HR and payroll data request forms to ensure that you are only collecting the data that you need. Under the GDPR's data minimisation principle (Article 5(1)(c)), collection must be limited to what is necessary to process payroll and run your HR function effectively, and nothing more.
3. Secure your pay slips
When emailing employee payslips, consider password protecting the document and using encrypted email communication, particularly when personal data appears in the body of the email. Do not use a generic company-wide password: it gives every employee (and anyone who learns it) access to every other employee's payslip. Use a unique password per employee and deliver it through a separate channel (for example an HR portal or SMS), never in the same email as the payslip. Note also that transport encryption between mail servers protects the message only in transit; once delivered, the attachment is only as safe as its own password. In relation to security of processing, Article 32 of the GDPR specifically notes:
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
(a) the pseudonymisation and encryption of personal data;
(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
(c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
(source: Article 32 europa.eu)
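The script below is an added example and is not part of the Paycheck Plus article or its tooling. It shows the per-employee password discipline described above: a random passphrase is generated for each employee, the payslip is encrypted under that passphrase, the passphrases are collected in a manifest that is sent through a separate channel, and the batch is rejected if any passphrase is shared or short. It assumes an `openssl` binary is installed and uses `openssl enc` as a stand-in for PDF-native password protection (for real PDF payslips you would apply the same approach with a PDF tool such as qpdf, so the employee can open the file in a normal viewer). The employee IDs, file names and directory layout are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): protect one payslip per
# employee with a unique passphrase. `openssl enc` stands in for PDF-native
# encryption; the directory layout and employee IDs below are constructed.

set -eu

# One random passphrase per employee: 18 bytes of entropy, base64-encoded
# (24 characters). Nothing is shared across the batch.
gen_passphrase() {
    openssl rand -base64 18
}

# Encrypt payslip $1 into $2 under passphrase $3.
# The passphrase is passed via the environment, not the command line, so it
# does not show up in `ps`. -pbkdf2 with a high iteration count makes
# guessing a weak passphrase slow. Note that `openssl enc` gives no
# integrity protection; a PDF tool or an AEAD-based format would be used
# in production.
protect_payslip() {
    in="$1"; out="$2"; pass="$3"
    PAYSLIP_PASS="$pass" openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
        -in "$in" -out "$out" -pass env:PAYSLIP_PASS
}

# Decrypt $1 into $2 under passphrase $3. A wrong passphrase almost always
# fails the padding check and returns non-zero; callers should still compare
# the output against what they expect rather than trust the exit code alone.
open_payslip() {
    in="$1"; out="$2"; pass="$3"
    PAYSLIP_PASS="$pass" openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -in "$in" -out "$out" -pass env:PAYSLIP_PASS 2>/dev/null
}

# Reject a manifest ("<employee_id> <passphrase>" per line) if any passphrase
# is reused across employees (a company-wide password in disguise) or is
# shorter than 16 characters.
check_passphrases() {
    manifest="$1"
    total=$(wc -l < "$manifest" | tr -d ' ')
    unique=$(cut -d' ' -f2 "$manifest" | sort -u | wc -l | tr -d ' ')
    [ "$total" -eq "$unique" ] || return 1
    while read -r emp pass; do
        [ "${#pass}" -ge 16 ] || return 1
    done < "$manifest"
}

# Protect every <employee_id>.pdf in $1 into $2/<employee_id>.pdf.enc and
# write the passphrases to manifest $3. The manifest is what goes to the
# separate delivery channel (HR portal, SMS); it is never attached to the
# payslip email.
protect_batch() {
    src="$1"; dst="$2"; manifest="$3"
    : > "$manifest"
    for f in "$src"/*.pdf; do
        id=$(basename "$f" .pdf)
        pass=$(gen_passphrase)
        protect_payslip "$f" "$dst/$id.pdf.enc" "$pass"
        printf '%s %s\n' "$id" "$pass" >> "$manifest"
    done
    check_passphrases "$manifest"
}
```

Run it as `. ./protect_payslips.sh; protect_batch payslips/ outbox/ passphrases.txt`, then send each `outbox/*.pdf.enc` to its employee and distribute `passphrases.txt` line by line through the second channel. The uniqueness check is what turns the "don't use a generic company-wide password" advice into something the process enforces rather than relies on people to remember.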
4. Stay informed on GDPR
With the GDPR, vigilance is key. HR and payroll personnel are responsible for highly sensitive data, so it is imperative that you fully understand the regulation and keep up to date with it. Below you'll find a list of useful sources to help you achieve this goal:
Paycheck Plus, Your Outsourced Payroll Provider
Paycheck Plus is one of Ireland's leading payroll providers. We specialise in all aspects of payroll outsourcing. With industry-leading accuracy levels, strict confidentiality and precise outsourced payroll solutions, we provide an all-inclusive payroll outsourcing service to organisations of all sizes.
For more information on our Irish payroll services simply request a payroll services quote or call our payroll firm on +353 (0) 1 905 9400. For UK payroll services contact our UK payroll agency on +44 (0) 161 464 8720.