Payroll Data & GDPR: What you need to know
The Presenters…
Karen Bennett Rachel Hynes Jennie Hussey
Webinar Agenda
What does it mean for payroll processing?
Understanding GDPR
The contract between accountants & clients
Template Data Processor Agreement
Proof of compliance
Securely storing employee data
Payslips & GDPR Compliance
Employee consent
Emailing payslips
Recommended self-service access
Breaching GDPR
Data breach plan of action
Non-compliance and penalties
Thesaurus / BrightPay & GDPR
Connect: Self service portal
Enhanced security measures
Q&A Session
Questions Tab or #BPWebinars
Q&A
On Demand
This session is being recorded
REC
Understanding GDPR
An Introduction to GDPR
• Protects the personal data and privacy of EU citizens
• An update to the current legislation - Data Protection Act 1998
• Applies to ALL companies – including SMEs, sole traders, etc.
• Article 30 – Technical & Organisational measures
• Accountability – prove compliance
6 Principles of Data Protection under GDPR
• Personal data shall be:
Processed lawfully, fairly and in a transparent manner
Collected for specified, explicit and legitimate purposes
Adequate, relevant and limited to what is necessary
Accurate, kept up to date and rectified without delay where necessary
Permits identification of data subjects for no longer than is necessary
Processed in a manner that ensures appropriate security of personal data
New and Enhanced Rights for Employees
• The most significant development with GDPR for employers is
the emphasis on transparency and accountability
• GDPR also introduces new and enhanced rights for employees
• Right to be informed
• The right to access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object
• Rights in relation to automated decision making
How will GDPR impact your payroll processing?
How does GDPR affect payroll processing?
• Businesses must ensure that their data will be processed
securely and responsibly under GDPR
• An updated security process is required to protect the personal
data that we manage
• Changes to the way we currently process, manage and store
individuals' personal data
© NEST Corporation 2015
Businesses must:
• Only collect information needed for the specific purpose of completing the payroll
• Keep employee payroll information safe and secure
• Only hold information required and for as long as it is needed to manage the payroll
• Allow employees to view personal information that is kept upon request
How does GDPR affect payroll processing?
• Provide employees with a privacy notice setting out information
about how their data is managed
• How long will data be held for? How will it be used?
• Employees can request access to personal information that is held
on them
• Employees can request to have it rectified and, in some cases,
request for it to be deleted
Employee Privacy Policy on Bright Contracts
Understanding GDPR
1. Data Management: Payroll and personal data must be
processed lawfully, fairly and in a transparent manner.
- Employee data must be collected for the legitimate purpose of
completing the payroll
- All data must be kept up-to-date and only be used for processing the
payroll
- Payroll data needs to be protected and secured against loss, damage,
unlawful access and cyber attacks
Understanding GDPR
2. Data Processing: Data processors can lawfully process data on
behalf of the data controller as long as a written contract is in
place.
- This contract represents a legal obligation for the data processor to
have access to the data in order to complete the payroll
- The GDPR legislation sets out requirements regarding what must be
included in the contract between a payroll bureau & the client
Understanding GDPR
3. Transferring Data Internationally: It is prohibited to send
employees' data outside the European Economic Area.
- It is prohibited to send employees' data outside the European
Economic Area unless that country provides an adequate level of
protection for the rights of individuals' personal data
- Transferring employees' data outside of the EU requires extra
caution and must meet the specific criteria as set out in the GDPR
regulations
GDPR Preparation
• Have you reviewed and updated current data protection policies?
• Check with current software providers, data processors and
contractors - you will likely need to update or amend certain
contracts with your third party contractors or vendors
• Keep a record of how you are storing this information and for
what purpose, in case you are ever audited or reported
7 Step Preparation Guide
1. Data Inventory
2. Policies & Contracts
3. Capturing Consent
4. Governance
5. Security
6. PIAs & Data by Design
7. Advise your Clients
GDPR Compliance
• If you are audited, you may need to provide certain information to
prove your GDPR compliance:
• Businesses should keep a record of how they are securely
protecting the data that they process and manage
• Agreed Contract
• Fulfilling the Contract
• Legitimate Reason
Securely Storing Employee Payroll Data
• Password protect computers that hold
personal data
• Password protect software applications
that hold personal data
• Password protect or encrypt payslips
and other documents that may be
emailed to employees
Retention Periods for Personal Data
• Personal data may be kept for no longer than is necessary for
the purpose for which it was processed
• Businesses should consider statutory retention periods, individual
business needs and data protection principles
• According to guidelines, you should keep payroll records and
payslips for up to 6 years from the end of the tax year they relate
to
Payslips & GDPR Compliance
Employee Consent
• Consent is not needed from individual employees
• If payroll is outsourced, the employer will need to inform employees
that their personal information is being shared with a third party
• The employer must ensure that their payroll bureau or accountant is
taking action to protect their employees’ payroll information
• An employee cannot withdraw their consent for their personal data
to be used as part of the payroll processing
Posting Payslips
• There is nothing in the GDPR legislation that states it is no longer
permissible to post payslips
• Posted payslips must include appropriate security measures to
protect the payslip
• Examples include using security payslip envelopes, marking the
envelope as ‘Private and Confidential’ or using registered post
Emailing Payslips
• There is nothing that states it is no longer permissible to email payslips
• Steps should be taken to securely protect each employee’s payslip
• Password protect payslips with a password that is uniquely
chosen by the employee
• It is recommended (but not mandatory) to offer a secure self-
service portal to securely send and store payslips
Recommended Self-Service Option
The GDPR includes a best practice recommendation that,
where possible, organisations should be able to provide remote
access to a secure self-service system which would provide the
individual with direct access to his or her information.
• 24/7 Online Access
• Payroll Information
• Employee Documents
• Annual Leave Entitlements
Recommended Self-Service Option
• Password protected for each employee
• Provides flexibility and full transparency for employees to retrieve
and update their information at any time
• Employers can log in and view payslips, payroll reports and
amounts due to Revenue
• Distribution of payslips and reports is automated, and they are
automatically available to employees
Data Processor Agreement
Data Processor Agreement
• Whenever a data controller uses a data processor there needs to be
a written contract in place
• Controllers are liable for their compliance with the GDPR and must
only appoint processors who can provide ‘sufficient guarantees’ that
the requirements of the GDPR will be met
• Data processors will have some direct responsibilities and may be
subject to fines or other sanctions if they don’t comply
Data Processor Agreement
• The onus is on data controllers to ensure contracts are in place
with third party data processors
• Payroll bureaus should aim to take an active role in educating
their clients about GDPR
• It would be well advised to approach clients and instigate putting
the appropriate contracts in place
What does this contract look like?
• To comply with the new requirements under GDPR, bureaus could
either:
• Draft new Terms of Service / EULAs / Engagement Letters for
each client to include the new GDPR requirements
• Where you have an existing contract in place you could issue an
Addendum to this contract covering the new GDPR requirements
• Template Data Processor Agreement (DPA)
Written Contract
• Under previous data protection laws:
• Contracts were required to be in writing
• They required the data processor to only process data on the
instructions of the data controller
• Appropriate measures needed to be taken to keep all personal
data secure
• Under the GDPR the contract requirements are wider. Contracts
must now set out:
• The subject matter and duration of the processing
• The nature and purpose of the processing
• The type of personal data and categories of data subject
• The obligations and rights of the controller
Contract requirements under GDPR
Contract requirements under GDPR
The processor must:
• Only act on the written instruction of the controller (unless
required by law to act without such instruction)
• Ensure that people processing the data are subject to a duty of
confidence
• Take appropriate measures to ensure the security of processing
Contract requirements under GDPR
The processor must:
• Only engage a sub-processor with the prior
consent of the data controller and a written contract
• Assist the data controller in meeting its GDPR
obligations in relation to the security of processing, the
notification of personal data breaches and data protection impact
assessments
Contract requirements under GDPR
The processor must:
• Submit to audits and inspections
• Provide the controller with whatever information it needs
• Tell the controller immediately if it is asked to do something
infringing the GDPR or other data protection law
Contract requirements under GDPR
• The contract must include end of contract provisions in order to
ensure the continued security of the personal data
• The processor must delete or return all personal data to the
controller as requested at the end of the contract
• An exemption applies where the data processor is required by law
to retain data
Breaching GDPR
Data Breach Plan of Action
• A personal data breach - the ‘accidental or unlawful destruction, loss,
alteration, unauthorised disclosure of, or access to, personal data’
• A business must determine the level of the breach’s severity and
the risk it could present to an individual’s rights and freedoms
• If it is considered a risk then you must notify the Office of the
Data Protection Commissioner (DPC) within 72 hours of becoming
aware of it
Data Breach Plan of Action
• If there is no risk then you do not have to report it
• Businesses that do not report a breach should keep a record,
document their reasons and be able to justify their decision not
to report it
• Failing to report a breach can result in an investigation and/or
penalties
Data Breach Plan of Action
• It is important to have suitable procedures in place to notify the
regulator where breaches have been reported and identified
• Inform all staff of the correct procedure to follow should a
breach occur
• Individuals also have the option to file a class action lawsuit if a
business does not comply with GDPR
Non-Compliance & Penalties
• There are significant fines and penalties for businesses that
breach the GDPR legislation: €20 million or 4% of a business’s
turnover
• The fines are designed to punish any business that wilfully
ignores its GDPR obligations
• Fines can be mitigated if there is evidence that shows that
a business has prepared and worked towards GDPR compliance
How Thesaurus & BrightPay Connect Can Help
GDPR & Connect
• Automated Cloud Backup
• Self-Service Remote Access
• Password Protected Payslip Portal
• Secure Document Exchange
• Accurate Employee Records
• Right to Rectification
• User Restrictions
• Central Location for Documents
How can Bright Contracts help with GDPR compliance?
How have we prepared for GDPR?
Key Changes
• In-Program Customer Support
• Privacy Policy
• Internal IT Audits
• Secure Servers
• Additional Consent
• Staff Training & Awareness
• Bright Contracts
• Thesaurus & BrightPay Connect
Questions & Answers
• 4th September @ 11.00 am - PAYE Modernisation for Employers - Guest Speaker from Revenue
• 6th September @ 11.00 am - PAYE Modernisation for Payroll Bureaus - Guest Speaker from Revenue
• 20th September @ 11.00 am - GDPR – 3 Months On - Guest Speaker from Data Protection Commissioners
%in Harare+277-882-255-28 abortion pills for sale in Hararemasabamasaba
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionOnePlan Solutions
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfonteinmasabamasaba
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park masabamasaba
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in sowetomasabamasaba
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2
 

Último (20)

Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT  - Elevating Productivity in Today's Agile EnvironmentHarnessing ChatGPT  - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 

Payroll Data & GDPR: What you need to know?

  • 1. -Payroll Data & GDPR: What you need to know
  • 2. The Presenters… Karen Bennett Rachel Hynes Jennie Hussey
  • 3. Webinar Agenda What does it mean for payroll processing? Understanding GDPR The contract between accountants & clients Template Data Processor Agreement Proof of compliance Securely storing employee data Payslips & GDPR Compliance Employee consent Emailing payslips Recommended self- service access Breaching GDPR Data breach plan of action Non-compliance and penalties Thesaurus / BrightPay & GDPR Connect: Self service portal Enhanced security measures
  • 4. - Q&A Session Questions Tab or #BPWebinars Q&A On Demand This session is being recorded REC
  • 6. An Introduction to GDPR • Protects the personal data and privacy of EU citizens • An update to the current legislation - Data Protection Act 1998 • Applies to ALL companies – including SMEs, sole traders, etc. • Article 30 – Technical & Organisational measures • Accountability – prove compliance
  • 7. 6 principles of Data Protection under GDPR • Personal data shall be: Processed lawfully, fairly and in a transparent manner Collected for specified, explicit and legitimate purposes Adequate, relevant and limited to what is necessary Accurate, kept up to date and rectified without delay where necessary Permits identification of data subjects for no longer than is necessary Processed in a manner that ensures appropriate security of personal data
  • 8. New and Enhanced Rights for Employees • The most significant development with GDPR for employers is the emphasis on transparency and accountability • GDPR also introduces new and enhanced rights for employees Right to be informed The right to access The right to rectification The right to erasure The right to restrict processing The right to data portability The right to object Rights in relation to automated decision making
  • 9. - How GDPR will impact your payroll processing?
  • 10. How does GDPR affect payroll processing? • Businesses must ensure that their data will be processed securely and responsibly under GDPR • An updated security process is required to protect the personal data that we manage • Changes to the way we currently process, manage and store individual’s personal data
  • 11. © NEST Corporation 2015 Only collect information needed for the specific purpose of completing the payroll Keep employee payroll information safe and secure Only hold information required and for as long as it is needed to manage the payroll Allow employees to view personal information that is kept upon request Businesses must:
  • 12. How does GDPR affect payroll processing? • Provide employees with a privacy notice setting out information about how their data is managed • How long will data be held for? How will it be used? • Employees can request access to personal information that is held on them • Employees can request to have it rectified and, in some cases, request for it to be deleted
  • 13. Employee Privacy Policy on Bright Contracts
  • 14. Understanding GDPR 1. Data Management: Payroll and personal data must be processed lawfully, fairly and in a transparent manner. - Employee data must be collected for the legitimate purpose of completing the payroll - All data must be kept up-to-date and only be used for processing the payroll - Payroll data needs to be protected and secured against loss, damage, unlawful access and cyber attacks
  • 15. Understanding GDPR 2. Data Processing: Data processors can lawfully process data on behalf of the data controller as long as a written contract is in place. - This contract represents a legal obligation for the data processor to have access to the data in order to complete the payroll - The GDPR legislation sets out requirements regarding what must be included in the contract between a payroll bureau & the client
  • 16. Understanding GDPR 3. Transferring Data Internationally: It is prohibited to send employee’s data outside the European Economic Area. - It is prohibited to send the employee’s data outside the European Economic Area unless that country provides an adequate level of protection for the rights of individual's personal data - Transferring the employee’s data outside of the EU requires extra caution and must meet the specific criteria as set out in the GDPR regulations
  • 17. GDPR Preparation • Have you reviewed and updated current data protection policies? • Check with current software providers, data processors and contractors - you will likely need to update or amend certain contracts with your third party contractors or vendors • Keep a record of how you are storing this information and for what purpose should you ever be audited or reported
  • 18. 7 Step Preparation Guide Data Inventory Policies & Contracts Capturing Consent Governance Security PIAs & Data by Design Advise your Clients
  • 19. GDPR Compliance • If you are audited, you may need to provide certain information to prove your GDPR compliance: • Businesses should keep a record of how they are securely protecting the data that they process and manage Agreed Contract Fulfilling the Contract Legitimate Reason
  • 20. Securely Storing Employee Payroll Data • Password protect computers that hold personal data • Password protect software applications that hold personal data • Password protect or encrypt payslips and other documents that may be emailed to employees
  • 21. Retention Periods for Personal Data • Personal data may only be kept for no longer than is necessary for the purpose for which it was processed • Businesses should consider statutory retention periods, individual business needs and data protection principles • According to guidelines, you should keep payroll records and payslips for up to 6 years from the end of the tax year they relate to
  • 22. -Payslips & GDPR Compliance
  • 23. Employee Consent • Consent is not needed from individual employees • If payroll is outsourced, the employer will need to inform employees that their personal information is being shared with a third party • The employer must ensure that their payroll bureau or accountant is taking action to protect their employees’ payroll information • An employee cannot withdraw their consent for their personal data to be used as part of the payroll processing
  • 24. Posting Payslips • There is nothing in the GDPR legislation that states it is no longer permissible to post payslips • Posted payslips must include appropriate security measures to protect the payslip • Examples include using security payslip envelopes, marking the envelope as ‘Private and Confidential’ or using registered post
  • 25. Emailing Payslips • Nothing that states it is no longer permissible to email payslips • Steps should be taken to securely protect each employee’s payslip • Password protect payslips with a password that is uniquely chosen by the employee • It is recommended (but not mandatory) to offer a secure self- service portal to securely send and store payslips
  • 26. © NEST Corporation 2015 Recommended Self-Service Option The GDPR includes a best practice recommendation that, where possible, organisations should be able to provide remote access to a secure self-service system which would provide the individual with direct access to his or her information. 24/7 Online Access Payroll Information Employee Documents Annual Leave Entitlements
  • 27. Recommended Self-Service Option • Password protected for each employee • Provides flexibility and full transparency for employees to retrieve and update their information at any time • Employers can login and view payslips, payroll reports and amounts due to Revenue • Distribution of payslips and reports are automated and automatically available to employees
  • 29. Data Processor Agreement • Whenever a data controller uses a data processor there needs to be a written contract in place • Controllers are liable for their compliance with the GDPR and must only appoint processors who can provide ‘sufficient guarantees’ that the requirements of the GDPR will be met • Data processors will have some direct responsibilities and may be subject to fines or other sanctions if they don’t comply
  • 30. Data Processor Agreement • The onus is on data controllers to ensure contracts are in place with third party data processors • Payroll bureaus should aim to take an active role in educating their clients about GDPR • It would be well advised to approach clients and instigate putting the appropriate contracts in place
  • 31. What does this contract look like? • To comply with the new requirements under GDPR bureaus could either: • Draft new Terms of Service / EULAs / Engagement Letters for each client to include the new GDPR requirements • Where you have an existing contract in place you could issue an Addendum to this contract covering the new GDPR requirements • Template Data Processor Agreement (DPA)
  • 32. Written Contract • Under previous data protection laws: • Contracts were required to be in writing • They required the data processor to only process data on the instructions of the data controller • Appropriate measures needed to be taken to keep all personal data secure
  • 33. • Under the GDPR the contract requirements are wider. Contracts must now set out: • The subject matter and duration of the processing • The nature and purpose of the processing • The type of personal data and categories of data subject • The obligations and rights of the controller Contract requirements under GDPR
  • 34. Contract requirements under GDPR The processor must: • Only act on the written instruction of the controller (unless required by law to act without such instruction) • Ensure that people processing the data are subject to a duty of confidence • Take appropriate measures to ensure the security of processing
  • 35. Contract requirements under GDPR The processor must: • The processor must only engage a sub-processor with the prior consent of the data controller and a written contract • The processor must assist the data controller in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments
  • 36. Contract requirements under GDPR The processor must: • Submit to audits and inspections • Provide the controller with whatever information it needs • Tell the controller immediately if it is asked to do something infringing the GDPR or other data protection law
  • 37. Contract requirements under GDPR • The contract must include end of contract provisions in order to ensure the continued security of the personal data • The processor must delete or return all personal data to the controller as requested at the end of the contract • An exemption applies where the data processor is required by law to retain data
  • 39. Data Breach Plan of Action • A personal breach - the ‘accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data’ • A business must determine the level of the breach’s severity and the risk it could present to an individual’s rights and freedoms • If it is considered a risk then you must notify the Office of the Data Protection Commissioner (DPC) within 72 hours of becoming aware of it
  • 40. Data Breach Plan of Action • If there is no risk then you do not have to report it • Businesses who do not report a breach should keep a record and be able to justify their reasoning behind their decision not to report it and document those reasons • Failing to report a breach can result in an investigation and/or penalties
  • 41. Data Breach Plan of Action • It is important to have suitable procedures in place to notify the regulator where breaches have been reported and identified • Inform all staff of the correct procedure to follow should a breach occur • Individuals also have the option to file a class action lawsuit if a business does not comply with GDPR
  • 42. Non-Compliance & Penalties • There are significant fines and penalties for businesses who breach the GDPR legislation: €20 million or 4% of a business’s turnover • The fines are designed to punish any business that wilfully ignores its GDPR obligations • Fines can be mitigated if there is evidence that shows that a business has prepared and worked towards GDPR compliance
  • 43. -How Thesaurus & BrightPay Connect Can Help
  • 73. © NEST Corporation 2015 GDPR & Connect •Automated Cloud Backup Self-Service Remote Access Password Protected Payslip Portal Secure Document Exchange Accurate Employee Records Right to Rectification User Restrictions Central Location for Documents
  • 74. - How can Bright Contracts help with GDPR compliance?
  • 77. -How have we prepared for GDPR?
  • 78. © NEST Corporation 2015 Key Changes •In-Program Customer Support Privacy Policy Internal IT Audits Secure Servers Additional Consent Staff Training & Awareness Bright Contracts Thesaurus & BrightPay Connect
  • 80. © NEST Corporation 2015 6th September @ 11.00 am PAYE Modernisation for Payroll Bureaus Guest Speaker from Revenue 20th September @ 11.00 am GDPR – 3 Months On Guest Speaker from Data Protection Commissioners 4th September @ 11.00 am PAYE Modernisation for Employers Guest Speaker from Revenue