GDPR, coming into force in May, is going to require big changes. It covers every business, no matter what size. The penalties for not having a good system in place are eye-watering. If you’re an employer, you must look at your systems and work out changes to comply with the legislation. If you use a payroll bureau, you’re responsible for making sure they also comply. The buck stops with you.
You can’t do this anymore
- Do you send/receive emails to/from staff about matters to do with them personally?
- Maybe it’s normal for staff to email you a P45, sickness note from the doctor, or something else which is confidential.
- If you pay someone else to run your payroll, do you email them changes to staff pay, details of new staff, etc.?
Email is not deemed to be sufficiently robust to protect this sensitive data.
Payroll in the Cloud
Some payroll providers are offering a cloud-based hub this year so that employees can download their own payslips and P45s from that hub and you can download the business payroll details direct. Check if your payroll provider does this.
Passworded payslips for email
Do you have the option of emailing employees their payslips direct? Make sure there is a password set up. If you’re running your own payroll, that could be the cheapest option.
You will have to cater somehow for those who can’t provide an email address, or who can only print out their payslip at work. And bear in mind the security issues.
A secure way of collecting data from staff
You could set up a Dropbox account for all employees to use when they want to send you something payroll related or otherwise sensitive. You could also download data for them to the same place.
Get it right early on
Anyone running a payroll is going to be under huge pressure to prove that they are going to safeguard the data adequately, whether or not a breach ever happens.
It’s very clear that lots of small companies either don’t know about GDPR, think it won’t apply to them, or find it just too difficult to handle.
Some insurers are checking to find out what efforts their clients are making to comply with GDPR. So you can’t just hope for the best.
Take some time now to work out what you’re going to do and get your systems sorted out ASAP.
And if you’d like someone to take over your payroll and advise you on the best systems to use in future, call Frances on 01737 559211, email firstname.lastname@example.org