22
Jun 18

Posted by
Jennie Hussey

Privacy Policies - a GDPR requirement

One of the main principles of GDPR is that data shall be processed lawfully, fairly and in a transparent manner. These three elements overlap and all three must be satisfied in order to demonstrate compliance.
Employers, as both Data Controllers and Processors, must be able to show how they comply with the new data protection principles and be clear and open with their employees about the processing of data and their rights. The GDPR stipulates that anywhere personal data is being collected, either directly or indirectly, Privacy Notices should be in place. These policies are critical to complying with the transparency obligations in the GDPR. So the introduction of an Employee Privacy Policy will cover the required elements and ensure demonstrable compliance in this regard.


The Privacy Policy should be written in a clear and easily understandable format and must include:


• What data is processed – name, address, PPS no., bank details, etc.
• How it was obtained – employee detail request form, CV, ROS, etc.
• The ‘legal basis’ for processing the data – contractual necessity, legal obligation, etc.
• Who has access to it and any third parties – HR dept., payroll clerk, pension company
• How it is stored and security – HR system, Thesaurus software, encryption, etc.
• How long it is kept for – set in company policies or statutory requirements
• The rights of the employee – right to access, rectification, erasure, etc.
• If data is transferred outside the EEA
• Contact details of Data Controller


We have recently upgraded our Bright Contracts software to include a new Employee Privacy Policy feature, so now employers can facilitate the main GDPR principle of lawful, fair and transparent processing of the employee data. We have also updated the Data Protection Policy within the Handbook and the Data Protection Clause within the contracts.


To download a free trial of Bright Contracts, click here.
To request a free online Demo of Bright Contracts, click here.

Posted in Bright Contracts News, Contract of employment, Employee Contracts, Employee Records, GDPR, General Data Protection Regulation, New Features, Software Upgrade

13
Jun 18

Posted by
Jennie Hussey

Why am I getting all these emails about privacy?

Lately you may have noticed your inbox bulging each morning with lots of emails with subject lines similar to these:


• “Your privacy = our priority”
• “GDPR Data Protection – Your Data is Safe with us”
• “Big Changes are coming”
• “Opt-In to continue receiving our great updates”
• “GDPR update – please don’t leave us!”
• “We’re keeping your details safe”


New, tougher European regulations around privacy and the use of personal data have now come into force and could see companies hit with huge fines if found to be in breach of the new laws.
In order for personal data to be processed lawfully, the processor must be able to rely on at least one of 6 categories, the main one being Consent. So if you were previously signed up with a company to receive newsletters or emails about special offers, they can no longer continue to send you these without your explicit consent.
Previous Data Protection Legislation allowed an ‘Opt-Out’ option to be a sufficient means of marking your consent; however, with the new GDPR this is no longer the case. Consent must be ‘freely given’, ‘unambiguous’ and for a ‘specific purpose’. Consent must be easily read and clearly distinguishable from other text, and evidence must be collected as to how consent was obtained.
Consent can no longer be assumed and the likes of pre-ticked boxes that would have needed to be unticked if you didn’t want to register are now banned. Also the facility to Unsubscribe must be clear and an easy procedure to follow.


So all the emails you have been receiving, like those listed above, are those companies that you may previously have signed up with, scrambling to cover themselves for GDPR and not wanting to lose you as a possible customer or sale.


For more information on GDPR and how it may affect your organization, please see our dedicated online support documentation here.

Posted in Bright Contracts News, Company handbook, Contract of employment, Employee Contracts, Employee Handbook, Employment Contract

30
May 18

Posted by
Jennie Hussey

GDPR Frequently Asked Questions - Answered!

Is the emailing of payslips permissible under GDPR?
There is nothing in the GDPR that states it is no longer permissible to email payslips; this practice is still very much acceptable. The thing to keep in mind in relation to emailing payslips is to ensure that all appropriate security measures are in place. The payslips that are emailed from both Thesaurus and BrightPay are encrypted and deleted from our servers once sent; however, it may also be prudent for the processor of the payroll to password protect the payslips. It will be the responsibility of the Data Controllers (employers) to be vigilant that correct email addresses are inputted.

Can I still use my hard-earned mailing lists after May 25th?
Not automatically - the GDPR states that to be able to ‘Lawfully Process’ personal data you must be able to fall into at least 1 of the 6 processing classifications, the first one being Consent. Consent must be:
• Specific, informed, unambiguous and freely given – there must be evidence that clear affirmative action has been given.
• For a specified purpose.
• Where consent is obtained as part of a larger document covering other things, consent text must be clearly distinguished from everything else.
• Evidence needs to be retained as to how the consent was obtained. For example: forms, brochures, signage, website screenshots.
• Language must be accessible and easily understood.
• A clear and seamless opt-out process must be in place.
If you have mailing lists that you’ve used pre GDPR you will not be able to continue using them if you haven’t got specific approval or consent from the individuals.

Do we need to ask for consent from our employees to process their data?

No. The employer can rely on lawful processing because of the employer’s legal obligation to deduct taxes etc., and also on the contractual agreement in place to pay employees and pay forward the taxes owed on their behalf. Also, given the nature of the relationship between the employer and the employee, the status quo is in the employer’s favour, so consent would not be unambiguous or freely given.

More information can be found in the GDPR section of our online support documentation on our website - Bright Contracts IRL - GDPR

To book a free online demo of Bright Contracts click here.
To download your free trial of Bright Contracts click here.

BrightPay - Payroll Software | Thesaurus Payroll Software
Bright Contracts - Employment Contracts and Handbooks

22
May 18

Posted by
Laura Murphy

Do employers need to amend employees' contracts to comply with the GDPR?

No, it is not necessary for employers to amend the contracts of existing employees to comply with the General Data Protection Regulation (GDPR). However, if your employment contract includes a data protection clause, it will need to be revised for any new contracts created.

For existing employees, employers should issue a new privacy notice to them, providing information on the processing of their personal data, which would override any invalid data protection clauses in the contract. The GDPR specifies the information that the employer must provide in the employee privacy policy. The information includes the purposes for which the employer will process the employee's personal data, the legal bases for the processing, information about the retention period and information about the employee's rights as a data subject.

What has Bright Contracts done?

  • Updated employment contract: whilst it is not necessary to update existing employees’ contracts, we have updated the Data Protection contract clause for all new contracts created in Bright Contracts.
  • Employee Privacy Policy: a new Employee Privacy Policy will be made available to all Bright Contracts customers. The new policy contains all the specific information required under GDPR.
  • Data Protection Policy: the handbook Data Protection Policy has been updated and should also be communicated to employees.

17
May 18

Posted by
Jennie Hussey

WRC Annual Report 2017 – The Facts and Figures

The Workplace Relations Commission (WRC) has published its third annual report, outlining the key performance metrics relating to complaints filed and decisions made across the employment realms.

One of the bigger achievements made by the WRC is a dramatic reduction in the length of time it takes to get a case to resolution. When the WRC was established in October 2015 it could take a case up to 2 years to secure an outcome whereas now, once submissions are received, it is taking less than 6 months.

Other Key Facts

• €1.8 million was recovered in unpaid wages; up €300,000 on the previous year
• 4750 workplace inspections were carried out, either announced or unannounced with over 99,000 employees covered by these inspections
• 14,001 complaints were received by WRC relating to:

  • Pay – 27%
  • Unfair Dismissal - 14% 
  • Discrimination and Equality - 11% 
  • Terms and Conditions of Employment – 8%

• Over 52,000 calls were received on the WRC information hotline, with just under half of these relating to employment permit queries.
• There were 4,370 adjudication hearings; up 24% on 2016

It is now almost three years since the formation of the WRC, and from the above figures it is clear that they are well into their stride and making significant inroads in terms of their objective of promoting the improvement of workplace relations and encouraging compliance with relevant employment and equality legislation. As such, it is imperative that employers have the proper records in place in case of an inspection.

Solution

Bright Contracts allows the user to create and customise contracts of employment and company handbooks. This covers part of your obligation as an employer under current Employment Legislation.

To book a free online demo of Bright Contracts click here.
To download your free trial of Bright Contracts click here.

Posted in Company handbook, Contract of employment, Discrimination, Dismissals, Employment Tribunals, Wages, Workplace Relations Commission, WRC

12
Apr 18

Posted by
Laura Murphy

How GDPR will affect your employee processing

The General Data Protection Regulation (GDPR) will come into force on 25th May 2018, changing the way we process data forever. The aim of the GDPR is to put greater protection on the way personal data is being processed for all EU citizens. Personal data can be anything from a name, an email address, PPS number, bank details, etc., so, as you can imagine, employers process a huge amount of personal data on a daily basis. So how will the GDPR affect employers in terms of processing employee data?

Consent

Data in the employment context will include information obtained from an employee during the recruitment process (regardless of whether or not they eventually got the job). It will also include the information you hold on current employees and previous employees. All this information may be saved in hard copy personnel files, held on HR systems or it could be information contained in emails or information obtained through employee monitoring.

Under GDPR your employees will have increased rights around their data.

These rights will include:

  • The Right to Access. It’s not a new concept that employees will be able to request access to the data you hold on them. However, there is a new recommendation that where possible employers should provide their employees with access to a secure self-service login where they can view data stored on them. This backs up the whole concept of transparency and ease of access to data, which underpins the new Regulations.
  • The Right to Rectification. Individuals are entitled to have personal data rectified if it is inaccurate or incomplete. This is an existing right and the onus is on the employer to ensure that employee records are kept up-to-date. To help ensure they maintain up-to-date records, employers should make it easier for employees to update their data.
  • The Right to be Informed. Employers must be very transparent with employees about what data they hold, why and how long it is held for. Up until now it has been common practice for many employers to include a standard clause in the employment contract regarding the processing of HR data. Under GDPR that will no longer be sufficient. Employers need to be reviewing their Employee Data Protection Policies and possibly writing new Employee Privacy Policies that go into detail on the processing of employee data.

Employee self service

Under the GDPR legislation, where possible employers should be able to provide self-service remote access to a secure system which would allow employees to view and manage their personal data online 24/7. Furthermore, the cloud functionality will improve your payroll processing with simple email distribution, safe document upload, easy leave management and improved communication with your employees. By introducing a self-service option, you will be taking steps to be GDPR ready.

For information on how long to keep employee files please see our blog: How long should you retain employee records under GDPR?

To book a free online demo of Bright Contracts click here.
To download your free trial of Bright Contracts click here.

Posted in Bright Contracts News, Contract of employment, Employee Handbook, Employee Records, Employee Self Service, GDPR, General Data Protection Regulation

4
Apr 18

Posted by
Lauren Conway

How long should you retain employee data under GDPR?

The General Data Protection Regulation (GDPR) will come into force on 25th May 2018. It is legislation with new rules and guidelines on how to protect and process personal data. Employee personal data held may include: name, address, phone number, email address, emergency contact details, PPS number, bank account details etc.

The GDPR requires that when retaining and processing personal data there must be lawful reasoning for doing so. In terms of processing employee data employers are likely to rely on a number of lawful reasons, mainly: to fulfill contractual obligations, legal obligations or other legitimate interests. Under data protection legislation employee data should be kept for no longer than is necessary, for the purpose that it was retained. However, when deciding how long to retain personal data employers should be guided by employment legislation.

So how long should I retain employee data?

Written Terms of Employment – 1 year

Employers must retain a copy of this statement throughout the employee’s employment and for one year after termination at a minimum.

Payroll details and Payslips – 6 years

Records, calculations and documents relating to the value of benefits for employees must be kept for 6 years in the event of an audit by Revenue. The WRC may also inspect these in an audit and seek evidence that employees are supplied with payslips.

Hours of Work – 3 years

Details of days and hours worked each week, annual leave and public holidays taken and payment received for same. Rest break records and/or records of notification of employees being fully informed about rest break entitlement and procedures if rest break is unable to be taken.

Maternity and Adoptive Leave Records – none

While there is no set period for the retention of data on maternity leave or adoptive leave records, claims can be made within 6 months of employers being informed of an issue giving rise to a dispute, or extended to 12 months in exceptional circumstances.

Parental Leave – 8 years

Records of Parental Leave, including the period of employment of each employee and the dates and times of the leave taken, must be retained for 8 years.

A more detailed list of Employee Record Keeping Requirements can be viewed here.

Where legislation gives no guidance on record keeping requirements, employers should carefully predetermine, and include in any employee privacy notice, how long they will retain that data and the grounds they will use for retaining it. For example, an employer may decide to retain all performance review records for the entire duration of an employee’s employment to monitor employee performance.

Whatever the reasoning behind retaining employee data – whether it be legal or other business reasons, employers need to ensure they have a clear policy outlining their reasoning, that this is easily accessible to employees and that the policy is consistently applied.

To book a free online demo of Bright Contracts click here.
To download your free trial of Bright Contracts click here.

Posted in Contract of employment, Employee Contracts, Employee Records, Employment Tribunals, GDPR, General Data Protection Regulation, Parental Leave, Workplace Relations Commission, WRC

22
Mar 18

Posted by
Laura Murphy

New SEO giving enhanced employment rights for plumbers and fitters

As of 6th March 2018 a new Sectoral Employment Order (SEO) came into force for those working in the Mechanical Engineering Building Services Contracting Sector.

What is an SEO?

SEOs now replace the old Registered Employment Agreement system which was ruled unconstitutional in 2013. This is the second SEO that has been enacted after the Construction Industry SEO was introduced last October. The SEO sets out increased employment rights for those working in the industry.

Who exactly does this SEO apply to?

It is estimated that the SEO will apply to 10,000 plumbers and pipefitters and registered apprentice plumbers and pipefitters, working in the Sector.

New hourly wage rates

Category 1: Newly qualified plumbers and pipefitters: €22.73
Category 2: Qualified plumbers and pipefitters employed in the Sector with effect from the commencement of their 3rd year of employment after qualification as a plumber or pipefitter: €23.33
Category 3: Qualified plumbers and pipefitters employed in the Sector with effect from the commencement of their 6th year of employment after qualification as a plumber or pipefitter: €23.60


The rates for apprentices in the Sector have also been increased, ranging from 33.3% of the Category 1 hourly rate of pay for Year 1 Apprentices to 90% of the Category 1 hourly rate of pay for Year 4 Apprentices.

Normal Working Week and Unsociable Hours

The normal working week shall consist of 39 hours worked between Monday and Friday each week.

Normal Daily Working Hours

Normal daily working hours shall consist of eight consecutive hours of work undertaken between the hours of 7 am (normal weekday starting time) and 5 pm (normal weekday finishing time) Monday — Thursday inclusive and between the hours of 7 am (normal Friday starting time) and 4 pm (normal Friday finishing time) on Friday.

Other Hours Worked

Hours worked outside of those hours shall constitute unsocial working hours and shall attract the following premium payments:

Hours worked between normal finishing time and Midnight Monday to Friday inclusive: Time plus a half
Hours worked between Midnight and normal starting time Monday to Friday: Double time
First four hours worked after 7 am on Saturday: Time plus a half
All other hours worked on Saturday: Double time
All hours worked on Sunday: Double time
All hours worked on Public Holidays: Double time plus an additional day’s leave


Other Employment Rights

  • Pension and death-in-service benefit
  • Sick Pay Scheme
  • New Dispute Resolution Procedure: this outlines certain procedures that have to be complied with when a dispute occurs, before any form of industrial action can take place.

What do employers need to do now?

The SEO is legally binding on all employers in the Sector, whether or not they are members of a union and whether or not they agree with the SEO. Employers will need to review their payment practices and employment terms and conditions to ensure that they comply with the new requirements.

12
Mar 18

Posted by
Laura Murphy

St. Patrick's Day 2018 - Employers; is it Saturday 17th or Monday 19th?

This year St. Patrick’s Day falls on a Saturday, leaving many businesses confused as to how the benefit for St. Patrick’s Day should be given. We’ve clarified what you need to know here:

Monday 19th March 2018 may be a Bank Holiday, in that the banks are closed, but it is a normal working day and not a Public Holiday. Saturday 17th is the Public Holiday. Many businesses that operate Monday to Friday will honour Monday 19th as the holiday and close that day, but this is not a mandatory requirement. It is a requirement that full-time employees, and eligible part-time employees, are given their public holiday statutory entitlement for Saturday 17th March.

What is the Statutory Entitlement?

An employee is entitled to their employer’s choice of the following in respect of a public holiday:

  • A paid day off on that day
  • A paid day off within a month of that day
  • An additional day of annual leave
  • An additional day’s pay

Open for business on 17th March & 19th March?

Businesses that are open for business on Saturday 17th March should treat Saturday 17th March as the Public Holiday. Employees who are scheduled to work on that day should receive one of the last three options above. Employees who are not scheduled to work on 17th March may receive any of the four options. In this situation, there will be no further requirement to offer an additional benefit on Monday 19th March. This will be seen as a regular day.

7
Mar 18

Posted by
Jennie Hussey

GDPR FAQs Answered!

The General Data Protection Regulation comes into force on the 25th of May 2018. It is legislation with new rules and guidelines on how to protect and process personal data. It is replacing existing data protection regulations that dated back as far as 1988 – obviously pre-dating the era of internet and social media as we currently know it. We are all having to evolve, amending policies and changing how things are done to take into account the new GDPR rules, so here are some of the queries on GDPR we are receiving on our Bright Contracts support lines which you may find useful:

Does GDPR apply to me?

If you are a company in this country, if your company is a sole trader or a limited company, if you have employees working for you or customers paying you, then you will more than likely hold some form of personal data belonging to them (i.e. a name, an address, a PPS number, a VAT number). If you hold anything that could be classed as personal data then the new GDPR will apply to you.

What is Personal Data?

Personal Data is defined as, “any information related to a natural person or ‘Data Subject’ that can be used to directly or indirectly identify a person.”

It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address. (This is not an exhaustive list by any means.) So, do you hold any of that type of information in your company? Of course you do, whether it is your clients, your customers or your employees. Somewhere along the line you will be dealing with personal data.

What rights do employees have under the GDPR?

As Data Subjects*, employees will have new and enhanced rights under the GDPR. The key rights in relation to employees include:

• The right to be informed: this emphasizes the need for transparency in how personal data is used. Employers should now be looking to revise their data protection policies and to implement new employee privacy policies outlining exactly what data is being held on employees.

• The right of access: there are amended rights surrounding an employee’s right to submit a data subject access request. A data subject access request involves an employee requesting to view all data retained on them. This will include data stored electronically and on paper files.

  • Time-frame for response has been reduced from 40 days to one month. 
  • It will no longer be permissible to charge a fee in order to respond to a subject access request.

• The right to rectification: individuals are entitled to have personal data rectified if it is inaccurate or incomplete. In fact it is recommended here that employers take steps to put the onus on employees to update their personal details should they change. For example, authorities will look unfavourably on employers who are communicating with employees through an old address having made no effort to ensure the address is correct. Employers are well advised to include a clause in employment contracts outlining the employee’s responsibility to notify the employer of a change in personal details.

• The right to erasure, also known as the right to be forgotten. The broad principle being that an individual has the right to request deletion or removal of personal data where there is no compelling reason to retain the data e.g. a legal requirement to retain employee data will always be a compelling reason to retain data.

* Data Subject: “an individual who is the subject of the personal data”.

Bright Contracts GDPR-compliant employee policies are coming soon!

  • If you would like to be notified when they are complete please click here
  • For further information register now for our GDPR webinars here
  • Read our GDPR blogs here

To book a free online demo of Bright Contracts click here
To download your free trial of Bright Contracts click here

Posted in GDPR, General Data Protection Regulation
