Are you sick of hearing about the GDPR and how you have to completely overhaul all of your business processes to be GDPR compliant - or face crippling fines?
So are we. We spoke to GDPR practitioners at Nicholls Law, and together we produced this honest guide to how the GDPR really affects the delivery of employee payslips as part of the payroll process. This guide addresses three of the big myths around payslip delivery and GDPR:
- Whether emailing payslips will be allowed under GDPR
- The fines that will be levied in the event of a payslip-related GDPR breach
- Whether you need an employee's consent in order to produce their payslips online
What is the GDPR?
In case you've missed it, GDPR stands for General Data Protection Regulation. The EU has introduced the GDPR to update and harmonise data protection practices across the EU. It will apply to all EEA countries and any individuals or organisations trading with them. As it comes into force on 25 May 2018 (before the UK leaves the EU), UK individuals and organisations must ensure compliance with the new regime by then.
The GDPR is partly an update to meet the new challenges of the 21st century. It has done this by increasing protection for consumers and placing the onus on individuals and organisations to handle personal data correctly and securely.
What has changed?
The key changes for payrollers include:
- Data processors – must now maintain records and are directly liable if responsible for a breach.
- Data controllers – new obligations including a duty to ensure that your contracts with processors comply with the GDPR.
- Accountability principle – you must show how you comply, e.g. document what you have done and why.
- Increase in maximum fines (4% of global annual turnover).
The ICAEW have produced a great GDPR overview on their website - which you can find here.
Our thanks go to Nicholls Law for their help and consultation in putting this guide together.