GDPR - 5 Months On!

1. -GDPR - 5 Months On!

2. - CPD Accredited Fill out survey at the end of the webinar Q&A Session Questions Tab or #BPWebinars Q&A CPD On Demand This session is being recorded REC

3. The Presenters… Jennifer Hussey Employment Law Advisor & Payroll Specialist Thesaurus Software / Bright Contracts Rachel Hynes Marketing Executive Thesaurus Software / BrightPay

4. Webinar Agenda •Breakdown of the General Data Protection Regulation •Processing Employee Data under GDPR •GDPR and Payroll Processing •How BrightPay and BrightPay Connect Can Help •How Thesaurus Software Has Prepared Questions & Answers

5. -Breakdown of GDPR

6. GDPR, what is it? General Data Protection Regulation • Aims to provide better protection for personal data • Current data legislation dates back to 1998

7. Definition of Personal Data “Any information related on a natural person or ‘Data Subject’, that can be used to directly or indirectly identify a person.” ✓ A name ✓ A photo ✓ An email address ✓ Bank details ✓ Posts on social networking websites ✓ Medical information ✓ CCTV images ✓ Records of websites visited ✓ A computer IP address

8. Data Protection Principles Lawfulness Purpose Limitation Data Minimisation Accuracy Storage Limitation Integrity & Confidentiality

9. What’s new in GDPR • Accountability – demonstrating compliance • Transparency – providing information pre-processing • Mandatory data breach reporting (72 hours) • DPO – Data Protection Officer • Fines – Administrative Fines, Civil Liability • Strengthened ‘Consent’ obligations • New and enhanced Data Subject rights Integrity & Confidentiality

10. Demonstrating Accountability Article 24.1- “….the controller shall implement appropriate technical and organizational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation” • Putting together an inventory of the data you currently hold and process • Complete Data Protection Impact Assesment (DPIA) • Appoint a DPO if necessary Integrity & Confidentiality

11. • Details of Data Controller or DPO • Purpose and legal basis for processing • Sharing of data – internally / any third parties • Storage or transfer of data outside EEA • Retention periods • Rights of data subjects • Consent • Breach reporting / complaints to supervising authority • Any automated decision making processes • Any Special Categories processed Transparency Article 12 - “The controller shall take appropriate measures to provide any information……..relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child” At the time when personal data is obtained, the data subject must be provided with information on:

12. Breach Reporting / Fines Integrity & Confidentiality

13. 5. Changes to Consent Rules 1. Consent must be: - Specific, informed, unambiguous and freely given - Must be for a specified purpose 2. Where consent is obtained as part of a larger document covering other things, consent must be clearly distinguished from everything else 3. Evidence needs to be retained as to how the consent was obtained Forms, brochures signage, website screenshots etc. 4. Language must be accessible and easily understood

14. 9. Enhanced Rights for Data Subjects The right to erasure The right to restrict processing The right to data portability The right to object Rights in relation to automated decision making Right to be informed The right to access The right to rectification

15. -Processing Employee Data under GDPR

16. Who? • Job Applicants • Existing Employees • Leaver What? • Name and address • Payroll information • Next of kin • Performance review • Health or sickness information HR and Payroll under GDPR

17. Data Management Payroll and personal data must be processed lawfully, fairly and in a transparent manner. - A lawful reason for processing data must exist - All data must be kept up-to-date and only be used for purposes that have been communicated - Only hold information required for as long as it is needed. - Data needs to be protected and stored in a secure manner.

18. The data subject has given consent Necessary for the performance of contract Necessary for the compliance with legal obligation In order to protect vital interests of a person Necessary for public interest or official authority For the legitimate interests of data controller or yourself the employer in this case. Lawful Processing

19. • Under GDPR consent must be "freely given, specific, informed and unambiguous". • Consent can no longer be relied upon as a lawful reason for processing employee personal data Lawful Processing & Consent

20. Enhanced Rights for Employees The right to be informed The right of access The right to rectification

21. © NEST Corporation 2015 Recommended Self-Service Option The GDPR includes a best practice recommendation that, where possible, organisations should be able to provide remote access to a secure self-service system which would provide the individual with direct access to his or her information. 24/7 Online Access Payroll Information Employee Documents Annual Leave Entitlements

22. -GDPR & Payroll Processing

23. Email Payslips • Yes you can email payslips • Security measures should be taken, like password protecting the payslips Postal Payslips • Yes you can post payslips • Security measures should be taken, like security sealed envelopes Distributing Payslips • It is recommended (but not mandatory) to offer a secure self-service portal to securely send and store payslips

24. Recommended Self-Service Option • Password protected for each employee • Provides flexibility and full transparency for employees to retrieve and update their information at any time • Employers can login and view payslips, payroll reports and amounts due to Revenue • Distribution of payslips and reports are automated and automatically available to employees

25. Securely Storing Employee Payroll Data • Password protect computers that hold personal data • Password protect software applications that hold personal data • Password protect or encrypt payslips and other documents that may be emailed to employees

26. -Data Processor Agreement

27. Who Processes Payroll? In-house Payroll Outsourced Payroll Data Processor Employer Payroll Bureau Data Controller Employer Employer Data Subject Employees Employees A written contract must be in place! Employees must be informed, consent is not required.

28. Data Processor Agreement • Whenever a data controller uses a data processor there needs to be a written contract in place • Controllers are liable for their compliance with the GDPR and must only appoint processors who can provide ‘sufficient guarantees’ that the requirements of the GDPR will be met • Data processors will have some direct responsibilities and may be subject to fines or other sanctions if they don’t comply

29. What does this contract look like? • Compliance: • Draft new Terms of Service / EULAs / Engagement Letters • Issue an Addendum to any existing contract • Contract Content • Mandatory content has expanded • Template Data Processor Agreement (DPA)

30. -How BrightPay can help

31. - Standard Licence: £99 + VAT • One employer • Unlimited employees • Free phone & email support • Full functionality Payroll Software Bureau Licence: £229 + VAT • Unlimited employers • Unlimited employees • Free phone & email support • Full functionality

32. - How can Bright Contracts help with GDPR compliance?

33. - Standard Licence: £99 + VAT • One employer • Unlimited employees • Free phone & email support • Online HR templates Employment Contracts, Handbooks & Privacy Policies Bureau Licence: £199 + VAT • Unlimited employers • Unlimited employees • Free phone & email support • Online HR templates

34. - How can BrightPay Connect help with GDPR compliance?

35. © NEST Corporation 2015 BrightPay Connect •Automated Cloud Backup Self-Service Remote Access Password Protected Payslip Portal Secure Document Exchange Accurate Employee Records Right to Rectification User Restrictions Central Location for Documents

36. - Single Employer: £49 + VAT per tax year BrightPay Connect Standard Pro Bundle: • BrightPay Payroll • BrightPay Connect • Bright Contracts Worth: £247 Bundle Price: £199

37. -How have we prepared for GDPR?

38. © NEST Corporation 2015 Key Changes •In-Program Customer Support Privacy Policy Internal IT Audits Secure Servers Additional Consent Staff Training & Awareness Bright Contracts Thesaurus & BrightPay Connect

39. -Questions & Answers

GDPR - 5 Months On!

Vous êtes en train de lire un aperçu.

Consultez-les par la suite

GDPR - 5 Months On!

Plus De Contenu Connexe

Diaporamas pour vous (20)

Similaire à GDPR - 5 Months On! (20)

Plus par BrightPay Payroll and Auto Enrolment Software (20)

Plus récents (20)

GDPR - 5 Months On!

GDPR - 5 Months On!

Vous êtes en train de lire un aperçu.

GDPR - 5 Months On!

Suggestions

Plus De Contenu Connexe

Diaporamas pour vous (20)

Similaire à GDPR - 5 Months On! (20)

Plus par BrightPay Payroll and Auto Enrolment Software (20)

Plus récents (20)

GDPR - 5 Months On!