Your GDPR Questions Have Been Answered!
GDPR/ the General Data Protection Regulation has been around since May 2018 but the stipulations surrounding GDPR can still be confusing at times which is why we decided to cover this topic as FAQ's but firstly to explain what GDPR is, it is the toughest privacy and security law in the world. Even though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. Under GDPR you have a fundamental right of access to your personal data from data controllers.
What is personal data?
Personal data is information that relates to you, or can identify you, either by itself or together with other available information. Personal data can include your name, address, contact details, an identification number, IP address, CCTV footage, access cards, audio-visual or audio recordings of you, and location data.
What personal data can employers lawfully process?
GDPR states that to be able to ‘Lawfully Process’ personal data you must be able to fall into at least 1 of the 6 processing classifications, the first one being Consent. Consent must be:
- Specific, informed, unambiguous, and freely given – there must be evidence that clear affirmative action has been given.
- Must be for a specified purpose
- Where consent is obtained as part of a larger document covering other things, consent text must be clearly distinguished from everything else
- Evidence needs to be retained as to how the consent was obtained. For example; forms, brochures signage, website screenshots.
- Language must be accessible and easily understood.
- Have a clear and seamless opt-Out process in place.
- If you have mailing lists that you’ve used pre GDPR you will not be able to continue using them if you haven’t got specific approval or consent from the individuals.
Do we need to ask for consent from our employees to process their data?
No, as the reliance for processing and retaining their data will be down to lawful processing because of the employer’s legal obligation to deduct taxes etc. and also down to the contractual agreement in place to pay them and pay forward the taxes owed on their behalf. And also to the nature of the relationship between the employer and the employee, the status quo is in the employer’s favour so consent would not be unambiguous or freely given.
Is the emailing of pay slips permissible under GDPR?
There is nothing in the GDPR that states it is no longer permissible to email payslips, this practice is still very much acceptable. The thing to keep in mind in relation to emailing payslips is to ensure that all appropriate security measures are in place. The payslips that are emailed from BrightPay are encrypted and deleted from our servers once sent, however it may also be prudent of a processor of the payroll to password protect the payslips also. It will be the responsibility of the Data controllers (employers) to be vigilant that correct email addresses are inputted.
Do I need to provide my employees with training about GDPR?
It is advised that employers provide training to all individuals about their data protection responsibilities as part of the induction process. Additional training should be provided at regular intervals thereafter or whenever there is a substantial change in the law or The Company’s policy and procedures.
If data protection is breached, what are the consequences?
It is important that you comply with the GDPR legislation and put adequate policies and procedures in place. Your organisation can be inspected and could face significant penalties if your practices are in breach of GDPR. The GDPR allows the EU's Data Protection Authorities to issue fines of up to €20 million or 4% of annual global turnover (whichever is higher).
Bright Contracts contains a 'Data Protection' section of the Company Handbook which can be viewed under the 'Introduction' tab. Download a trial of our software to see a sample of this content.
Related Articles:
- How BrightPay Connect is helping with GDPR
- Online Payslips: Their benefits and why you should use them
Time Saving With Bright Contracts
Contracts. . . they are the pain point of every HR professional when recruiting new employees, processing promotions, extending contracts etc. To non HR professionals it may seem like typing up contracts is quick and easy work but this could not be further from the truth. The following are just some of the pain points I’ve had when typing up contracts, read and tick off any that may apply to you too when creating contracts of employment:
- Formatting Issues
- Grammatical Errors
- Mis-matched Fonts
- Saving Error: Corrupted file error meaning I have lost my entire document
- Time consuming reading complete contract to check for errors
- Printing Errors: Prints off centre or like a jigsaw puzzle making it frustrating to read
Well, how many points did you tick off that were applicable to you? If you found yourself even ticking off two of the above then you need Bright Contracts in your life as this software eliminates every single one of them pain points and produces a consistent, formatted, clean and compliant contract and handbook for each of your employees.
Read the below quick fire Q&A to gain an insight into what bright Contracts is, how it works and how it can help you with your contract and handbook creation:
What is Bright Contracts?
Bright Contracts is a software package that has everything you need to create and manage a professional staff handbook and contracts of employment. What was once traditionally an expensive, complicated and time-consuming process is now quick, easy and affordable with Bright Contracts.
Why should I use it?
Without employee contracts in place, an employer is risking large settlements in the case of staff disputes, and fines in the case of regulatory inspections. Having contracts also clearly defines the contractual relationship between you and your employees. Bright Contracts is the easiest way to get sorted.
What legislation is the software based on?
Bright Contracts has been written taking into account employment legislation across England, Scotland, Wales and Northern Ireland. The main piece of legislation governing the content of Bright Contracts is The Employments Rights Act 1996 and The Employment Rights (Northern Ireland) Order 1996. The legislation specifies that employees must receive written terms and conditions of employment and what these terms and conditions are. In addition Bright Contracts has taken cognizance of current best practices as well as all relevant legislation in the creation of the content of the contract and handbook. Legislation also requires that employers are provided with details of procedures relating to dismissal, disciplinary and grievances, all of which are covered in our documentation.
How do we know this system complies with requirements and what if the law changes?
The system content has been compiled and tested by HR/Employment law experts. The system will be updated with any changes in legislation, changes brought about by case law or changes in best practice. These updates will be flagged to all current users and will be free to download.
How many people can access Bright Contracts?
When a licence is purchased it comes with two activations which means it can be activated on two separate computers. Once these activations have been used they cannot be deactivated and reactivated on another device.
Do I print off the handbooks and contracts?
The simple answer is yes however if you are trying to reduce your paper foot print then you can also have the handbook and contracts of employment as a pdf document which can then be e-mailed or, if you use our Bright Pay Connect product you can upload the documents to the employee’s connect profile.
You can avail of a free trial of the software or purchase a Bright Contracts licence to adapt these policies to your business today. If you are looking to adopt or change your HR Software book a free 15-minute online demo to see how Bright Contracts can change your world of HR.
Related Articles:
The Vaccine & The New World of Work Webinar
With vaccination rollout currently underway across Ireland employers are beginning to look at returning a number of their employees to the workplace over the coming months which means plans need to be in place and actions need to be carried out to ensure it is as smooth and safe a return as possible.
We recently hosted a webinar recently which detailed for our customers how best to tackle returning their employees to the workplace including implementing a vaccine policy. To view the webinar recording click below:
Bright Contracts has recently updated its software to include a COVID-19 vaccine policy applicable to any business/ industry. This policy is in addition to the COVID-19 Response Plan and Temporary Working From Home Policy currently available on Bright Contracts.
You can avail of a free trial of the software or purchase a Bright Contracts licence to adapt these policies to your business today. If you are looking to adopt or change your HR Software book a free 15-minute online demo to see how Bright Contracts can change your world of HR.
Role Changing During COVID-19: Can employers ask this of their employees?
An employer can expect its employees to carry out different roles within the business where their contract of employment permits this. The employer should consider the relevant job descriptions to see if they comprise of the proposed changes, or if the contract contains a flexibility clause that allows the employer to vary the employees' roles and/or duties. If the employment contract does not allow for this, employers must be aware of the difficulties of imposing contractual changes which could potentially result in claims for constructive unfair dismissal. Any changes to the contract of employment should therefore should be undertaken with early consultation and with a view to reaching agreement with employees.
During the COVID-19 outbreak, employees may be more prepared to accept changes to their contract of employment where there is an imperative need for the work to be carried out, or where the viability of the business may be at risk. Employees may be willing to take on different roles if they are aware that it is for a brief period. The employer should be as transparent as possible with employees about the duration of any changes to their roles. An employee may be seen as having agreed to contractual changes if they carry out the varied role without any complaint.
Employers should ensure that suitable training is provided to any employees who may be required to carry out unfamiliar tasks and a risk assessment should be carried out to cover the temporary redeployment. For example, young or pregnant workers should not be substituted into inappropriate work.
Related Articles:
- Out of Hours Communication: The Right to Disconnect
- 1 Year On – COVID-19 & Working from Home
- Covid-19 mandatory policy now available on Bright Contracts
Free Webinar: The Vaccine & The New World of Work | April 28th, 11AM Register Today
Back to Basics - New Employees
We often get calls into the helpline requesting basic information on HR/Employment Law queries like how to deal with new starters or when should an employer invoke the disciplinary procedures, so we will look at some basic HR topics in a series of blogs starting today with new employees.
New Employees
• A new employee is required by law, under the Unfair Dismissal Act, to receive a copy of the company’s ‘Dismissal Procedures’, which are usually contained in the ‘Disciplinary/Grievance Procedures’ of the Staff or Company Handbook, within 28 days of starting work with the company.
• Under the Terms of Employment (Information) Act 1994 the employer is obliged to furnish new employees within 2 months of starting, with a ‘Written Statement of ‘certain’ terms and conditions’ of their employment, also known as an ‘Employment Contract’.
• The new GDPR regulations specify that employers must provide their employees with information about what personal data they hold on them, for what purpose and how it was collected, who it may be shared with, what security measures are in place to keep it safe and what the employee’s rights are as well as other specific requirements. This is called an ‘Employee Privacy Policy’ or ‘Employee Privacy Notice’ and should be given to the employee as an addendum to their Employment Contract.
Based on these 3 pieces of legislation it would be best practice to provide your new starter with their Employment Contract, Privacy Policy and Staff/Company Handbook on their first day of work, if not before it. An employer can be fined up to 4 weeks pay for not providing the employee with their ‘Written Statement of Terms and Conditions of Employment’ within the 2 month timeframe, so it is best to get into the habit of furnishing the documents as soon as possible.
There is no requirement for a signature from the employee on any of these documents; however it would be prudent of an employer to request a signature from the employee or at least some form of acknowledgement or proof of the employee receiving the documents.
The new Employment Bill 2017, yet to be introduced, stipulates that a new employee should receive some details of their terms of employment within 5 days of starting with a company but it is yet to be seen whether this aspect of the Bill will get the go ahead.
Bright Contracts offers employers a simple and user-friendly system which enables them to easily create and customize all of these documents and keep an electronic record on file. To download a Free Trial click here or book an online Demo of the Bright Contracts software.
Bright Contracts | Thesaurus Payroll Software | BrightPay Payroll Software
Privacy Policies - a GDPR requirement
One of the main principles of GDPR is that Data shall be processed lawfully, fairly and in a transparent manner, these three elements overlap and all three must be satisfied in order to demonstrate compliance.
Employers, as both Data Controllers and Processors, must be able to show how they comply with the new data protection principles and be clear and open with their employees about the processing of data and their rights. The GDPR stipulates that anywhere personal data is being collected, either directly or indirectly, Privacy Notices should be in place, these policies are critical to complying with the transparency obligations in the GDPR. So the introduction of an Employee Privacy Policy will cover the required elements and ensure demonstratable compliance in this regard.
The Privacy Policy should be written in a clear and easily-understandable format and must include;
• What data is processed – name, address, PPS no., bank details, etc.
• How it was obtained – employee detail request form, CV, ROS, etc.
• The ‘legal basis’ for processing the data – contractual necessity, legal obligation, etc.
• Who has access to it and any third parties– HR dept., payroll clerk, pension company
• How it is stored and security – HR system, Thesaurus software, encryptions, etc.
• How long it is kept for –set in company policies or statutory requirements
• The rights of the employee – right to access, rectification, erasure, etc.
• If data is transferred outside the EEA
• Contact details of Data Controller
We have recently upgraded our Bright Contracts software to include a new Employee Privacy Policy feature, so now employers can facilitate the main GDPR principle of lawful, fair and transparent processing of the employee data. We have also updated the Data Protection Policy within the Handbook and the Data Protection Clause within the contracts.
To download a free trial of Bright Contracts, click here.
To request a free online Demo of Bright Contracts, click here.
Bright Contracts | Thesaurus Payroll Software | BrightPay Payroll Software
Why am I getting all these emails about privacy?
Lately you may have noticed your inbox bulging each morning with lots of emails with similar subject lines to these;
“Your privacy = our priority” “GDPR Data Protection – Your Data is Safe with us”
“Big Changes are coming” “Opt-In to continue receiving our great updates”
“GDPR update – please don’t leave us!” “We’re keeping your details safe”
New, tougher European regulations around privacy and the use of personal data have now come into force and could see companies hit with huge fines if found to be in breach of the new laws.
In order for personal data to be processed lawfully, the processor must be able to rely on the reasoning being at least one of 6 categories, the main one being Consent. So if you were previously signed up with a company to receive newsletters or emails about special offers, they can no longer continue to send you these without your explicit consent.
Previous Data Protection Legislation allowed for an option to ‘Opt-Out’ as being sufficient means to mark having your consent, however with the new GDPR this is no longer the case. Consent must be ‘freely given’ unambiguous’ and for a ‘specific purpose’. Consent must be easily read and clearly distinguishable from other text and evidence must be collected as to how consent was obtained.
Consent can no longer be assumed and the likes of pre-ticked boxes that would have needed to be unticked if you didn’t want to register are now banned. Also the facility to Unsubscribe must be clear and an easy procedure to follow.
So all the emails you have been receiving, like those listed above, are those companies that you may previously have signed up with, scrambling to cover themselves for GDPR and not wanting to lose you as a possible customer or sale.
For more information on GDPR and how it may affect your organization, please see our dedicated online support documentation here.
Bright Contracts | Thesaurus Payroll Software | BrightPay Payroll Software
WRC Annual Report 2017 – The Facts and Figures
The Work Place Relations Commission have published their third annual report, outlining the key performance metrics relating to complaints filed and decisions made across the employment realms.
One of the bigger achievements made by the WRC is a dramatic reduction in the length of time it takes to get a case to resolution. When the WRC was established in October 2015 it could take a case up to 2 years to secure an outcome whereas now, once submissions are received, it is taking less than 6 months.
Other Key Facts
• €1.8 million was recovered in unpaid wages; up €300,000 on the previous year
• 4750 workplace inspections were carried out, either announced or unannounced with over 99,000 employees covered by these inspections
• 14,001 complaints were received by WRC relating to:
- Pay – 27%
- Unfair Dismissal - 14%
- Discrimination and Equality - 11%
- Terms and Conditions of Employment – 8%
• Over 52,000 calls were received on the WRC information hotline, with just under half of these relating to employment permit queries.
• There were 4,370 adjudication hearing’s; up 24% on 2016
It is now almost three years since the formation of the WRC, and from the above figures it is clear that they are well into their stride and making significant inroads in terms of their objective of promoting the improvement of workplace relations, encouraging compliance with relevant employment and equality legislation. As such it is imperative that employer’s have the proper records in place in case of an inspection.
Solution
Bright Contracts allows the user to create and customise contracts of employment and company handbooks, this covers part of your obligation as an employer under current Employment Legislation.
To book a free online demo of Bright Contracts click here.
To download your free trial of Bright Contracts click here.
How GDPR will affect your employee processing
The General Data Protection Regulation (GDPR) will come into force on 25th May 2018 changing the way we process data forever. The aim of the GDPR is to put greater protection on the way personal data is being processed for all EU citizens. Personal data can be anything from a name, an email address, PPS number, bank details etc so as you can imagine employers process a huge amount of personal data on a daily basis. So how will the GDPR affect employers in terms of processing employee data?
Consent
Data in the employment context, will include information obtained from an employee during the recruitment process (regardless of whether or not they eventually got the job), it will also include the information you hold on current employees and previous employees. All this information may be saved in hard copy personnel files, held on HR systems or it could be information contained in emails or information obtained through employee monitoring.
Under GDPR your employee’s will have increased rights around their data.
These rights will include:
- The Right to Access. It’s not a new concept that employees will be able to request access to the data you hold on them. However, there is a new recommendation that where possible employers should provide their employees with access to a secure self-service login where they can view data stored on them. This backs-up the whole concept of transparency and ease of access to data, which underpins the new Regulations.
- The Right to Rectification. Individuals are entitled to have personal data rectified if it is inaccurate or incomplete. This is an existing right and the onus is on the employer to ensure that your employee records are kept up-to-date. To help ensure you maintain up-to-date records, employers should make it easier for employees to update their data.
- The Right to be informed. Employers must be very transparent with employees about what data you hold, why and how long it is held for. Up until now it has been the common practice for many employers to include a standard clause in the employment contract regarding the processing of HR Data, under GDPR that will no longer be sufficient. Employers need to be reviewing their Employee Data Protection Policies and possibly writing new Employee Privacy Policies that go into detail on the processing of employee data.
Employee self service
Under the GDPR legislation, where possible employers should be able to provide self-service remote access to a secure system which would allow employees view and manage their personal data online 24/7. Furthermore, the cloud functionality will improve your payroll processing with simple email distribution, safe document upload, easy leave management and improved communication with your employees. By introducing a self-service option, you will be taking steps to be GDPR ready.
For information on how long to keep on employee files please see our blog: How long should you retain employee records under GDPR?
To book a free online demo of Bright Contracts click here.
To download your free trial of Bright Contracts click here.
How long should you retain employee data under GDPR?
The General Data Protection Regulation (GDPR) will come into force on 25th May 2018, legislation with new rules and guidelines on how to protect and process personal data. Employee personal data held may include: name, address, phone number, email address, emergency contact details, PPS number, bank account details etc.
The GDPR requires that when retaining and processing personal data there must be lawful reasoning for doing so. In terms of processing employee data employers are likely to rely on a number of lawful reasons, mainly: to fulfill contractual obligations, legal obligations or other legitimate interests. Under data protection legislation employee data should be kept for no longer than is necessary, for the purpose that it was retained. However, when deciding how long to retain personal data employers should be guided by employment legislation.
So how long should I retain employee data?
Written Terms of Employment – 1 year
Employers must retain a copy of this statement throughout the employee’s employment and for one year after termination at a minimum.
Payroll details and Payslips – 6 years
Records, calculations and documents relating to the value of benefits for employees must be kept for 6 years in the event of an audit by Revenue. The WRC may also inspect these in an audit and seek evidence that employees are supplied with payslips.
Hours of Work – 3 years
Details of days and hours worked each week, annual leave and public holidays taken and payment received for same. Rest break records and/or records of notification of employees being fully informed about rest break entitlement and procedures if rest break is unable to be taken.
Maternity and Adoptive Leave Records – none
While there is no set period of the retention of data on maternity leave or adoptive leave records, claims can be made within 6 months of employers being informed of an issue giving rise to a dispute or extended to 12 months in exceptional circumstances.
Parental Leave – 8 years
Records of Parental Leave, including the period of employment of each employee and the dates and times of the leave taken, must be retained for 8 years.
A more detailed list of Employee Record Keeping Requirements can be viewed here.
Where legislation gives no guidance on record keeping requirements, employers should carefully predetermine, and include in any employee privacy notice, how long and the grounds they will use for retaining that data. For example; an employer may decide to retain all performance review records for the entire duration of an employee’s employment to monitor employee performance.
Whatever the reasoning behind retaining employee data – whether it be legal or other business reasons, employers need to ensure they have a clear policy outlining their reasoning, that this is easily accessible to employees and that the policy is consistently applied.
To book a free online demo of Bright Contracts click here.
To download your free trial of Bright Contracts click here.
