The rules on data protection are changing. The Data Protection Act will be replaced by the General Data Protection Regulation (GDPR) on 25 May 2018.
GDPR will see individuals have more control over their own personal data. This means that when handling an individual’s personal data, we have a responsibility, as a business, to meet their rights.
Individuals will have eight rights. These are:
- The right to be informed about how their personal data is used
- The right to access their personal data
- The right to be forgotten and have their data deleted in specific circumstances
- The right to data portability to transfer their data to another service provider
- The right to have information corrected if it’s out of date, incomplete or incorrect
- The right to object to, or stop, their data being processed on certain grounds
- The right to restrict processing, meaning they can request that their data is only kept on file and not used for processing
- Rights in relation to automated decision making and profiling, meaning that in some cases individuals have the right not to be subject to a decision that is based on an automated process.
Highland Payroll Services will be classed as a Data Processor appointed by Data Controllers (our clients). Any request from an individual (employee) will be sent by the client, who will be classed as the Data Controller under GDPR.
We provide assurance that we are processing data provided by Data Controllers in accordance with instructions and our terms of business/contract.
Data on payroll will be kept for 3 full tax years in accordance with HMRC requirements and then destroyed.
We take data security very seriously. All data is held securely and backed up continuously using external hard drives and cloud based services – all are encrypted.
We have staff policies to minimise the risk of a data breach, including a clear desk policy, password-protected PCs/laptops, and shredding confidential papers or retaining them in locked cabinets. All internet access is via a secure, password-protected connection.
To minimise risk of Cyber Attack we have premium malware protection as well as Cyber Security Insurance cover of £10,000.
Staff are trained to be as diligent as possible and any breach is immediately reported to a director. Each breach will be assessed as to whether it is reportable to the ICO within 72 hours.
All payslips/reports will be password protected from 25th May 2018 to minimise any risk of data breach from human error.
We have conducted a Data Protection Impact Assessment to assess the risks and are GDPR Compliant.
Highland Payroll Services – GDPR