5 Quick GDPR wins for HR & Payroll Personnel
The General Data Protection Regulation (GDPR) deadline is fast approaching. The increasing company obligations are putting a strain on many employees in their preparation for May 25th. With that in mind we have detailed 5 quick GDPR wins that HR & payroll personnel can do now – these are quick wins/tips that you should consider as they could help you with your GDPR preparations.
Store your payroll data in one location
The first of our 5 quick GDPR wins for HR & payroll personnel is: stop duplicating your data, consider storing it in one location and, if you need to share it with your team, only share a link to the location of the stored data. Most people are guilty of unnecessarily and unwittingly duplicating data. For example, saving a document to your personal work drive and sharing the document via email to a relevant team member is unnecessary data duplication. Duplication of data is an example of improper data management which will have increased consequences under GDPR.
Delete unnecessary data
Have you come across data that you don’t use or need to retain? Do you have out-dated, unnecessary data relating to an individual that you don’t need and shouldn’t retain? If so, consider deleting it as there are many implications for this under GDPR. One example relates to the “Right of access by the data subject”, compliance with this aspect of the regulations will be time consuming if an individual expresses their right. This is because, in addition to providing access to the personal data, according to Article 15 of the GDPR Reguations you must provide the following data:
(a) the purposes of the processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
(d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
(f) the right to lodge a complaint with a supervisory authority;
(g) where the personal data are not collected from the data subject, any available information as to their source;
(h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
(source: Article 15 europa.eu)
Review your payroll data request forms
Another of our 5 quick GDPR wins for HR & payroll personnel is to review your HR and payroll data request forms to ensure that you are only collecting the data that you need. Under GDPR, the collection of data must be minimised – data collection must be limited to what is necessary to process payroll and run your HR function effectively.
Secure your payslips
When emailing employee payslips consider password protecting the document (don’t use a generic company-wide password) and using encrypted email communication particularly when/if personal data is in the body of the email. Here at Paycheck Plus, we require client payroll representatives download, install and communicate via email encryption software. In relation to security of processing data, Article 32 of the GDPR Regulations specifically notes:
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
(a) the pseudonymisation and encryption of personal data;
(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
(c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
(source: Article 32 europa.eu)
Do further GDPR research
HR and payroll personnel are responsible for highly sensitive data and therefore it’s imperative that you understand the regulations. Below you’ll find a list of useful sources:
Payroll, HR managers/employees and businesses as a whole have a responsibility to ensure that their business is compliant with the continuously developing legislation. Along with their other obligations, payroll and HR teams must prepare for the significant industry changes that are approaching. Ensuring compliance with the many regulations and legislations can be a difficult and time consuming task for businesses. Payroll compliance can be of particular difficulty and importance due to the complex ever-changing legislation and substantial fines that can be incurred if in breach. Also, as payroll is not a core function of most businesses, payroll and HR staff experience significant pressure to ensure accuracy and compliance with the most up to date legislation. This is where Paycheck Plus can help.
To ensure payroll compliance and for expert support contact Paycheck Plus today.
Paycheck Plus | Your Payroll. Our Passion.