Top GDPR compliance tips for payroll managers
So, the General Data Protection Regulation (GDPR) should be the top topic of conversation within all businesses, large and small, at the moment (and if it isn’t, where have you been?).
With the regulation coming into effect on 25th May 2018, should companies be panicking? And what about payroll teams and payroll data? How will you be affected?
There’s a lot to take in for any business, but within payroll there are some core things to consider. Here are our top five tips for payroll personnel:
- Every UK company is affected. Be aware of the impact that will fall on Payroll in terms of action and accountability.
- Your business needs to designate someone as a Data Protection Officer – make sure you liaise with them as needed regarding payroll data
- Ensure the way you handle, transmit and retain payroll data meets the requirements of the legislation. Look for ways to ensure payroll data is not held unnecessarily. Ensure there are robust documented procedures and processes around payroll data. And don’t forget employee payslips!
- Carry out “Data Protection Impact Assessments” (DPIAs) – a tool which can help payroll teams to identify the most effective way to comply with their data protection obligations and meet employee expectations of privacy.
- Communicate. Communicate. Communicate – many data protection issues have arisen as staff were unaware of processes and procedures, and payroll staff could be particularly vulnerable. Everyone in the business needs to know about the changes and the impact.
Be aware that any payroll data breaches could cost your business dearly – up to 4% of annual global turnover. Our recommendation would be to review GDPR within your organisation as soon as possible, and certainly contact your payroll provider if you outsource that function. Ultimately, if your provider cannot give you reassurance that this is high on their agenda, you should consider changing providers to protect both your business and your valuable employee data.
Need to know more? Read the ICO guide to GDPR. We’re taking action. Are you?