Protecting your payroll data

25 September 2020

Payroll is one of the most important tasks for any business. While it is essential to pay employees accurately and on time, it is just as important to manage employees' personal data securely.

Much of the information used to pay employees is highly personal and sensitive: names, addresses, dates of birth, National Insurance numbers, salary details and bank account numbers. If a company does not use effective procedures to protect this information, it leaves itself open to a breach of the General Data Protection Regulation (GDPR), which can lead to large penalties and reputational damage.

So how can your payroll data be better managed?

Below are some tips on how employers can improve the accuracy and protection of payroll information.

1. Have a central source for all employee data

  • Hold one up-to-date, accurate master record for each employee, for example in an HR system, and treat it as the single source of truth.
  • The HR system can then feed employee data to other parts of the business (such as payroll), so that accurate and consistent data flows through the business rather than being re-keyed.
  • This limits the number of staff who need to handle the data and prevents duplication of work.
  • It also reduces the risk of inaccurate or out-of-date data being held about your employees, and means a correction only has to be made once.

2. Limit the number of people that can access employee data

  • Restrict access to employee data strictly to those who need to know and use that information for their role. Keeping sensitive data available to only a select few immediately reduces both the likelihood and the size of a GDPR breach.
  • Ask your IT department to restrict access to named individuals or roles, and to remove that access promptly when someone changes role or leaves.
  • Avoid holding employee information in large shared databases or open network folders, where anyone in a team can read it; this increases the risk of a GDPR breach.
  • Ensure that every person accessing employee information has their own username and password (no shared logins) and enforce strong, unique passwords. Note that current NCSC guidance advises against forcing regular password changes, which push people towards weaker, predictable passwords; instead, require a change when compromise is suspected, and enable multi-factor authentication where the system supports it.

3. Be sure you have skilled staff

  • Provide a training module on GDPR and ensure that all staff who handle employee data are trained on the regulations regularly, not just on joining.
  • Anyone running your payroll should know the data well enough to spot anomalies (an unexpected change of bank account, a duplicate payment, an unusual pay figure), especially if payroll is run in-house.
  • Alternatively, outsourcing your payroll to a specialist provider can help ensure data is processed and handled correctly and securely. Bear in mind that this does not transfer responsibility: as the data controller you remain accountable for the processor you choose and must have a written contract with them covering data protection.

4. Monitor duties carried out by individuals

  • Have a clear segregation of duties within payroll processes to reduce the risk of inaccuracy and to make it harder for a single person to commit or conceal an error or fraud.
  • For example, review your processes to ensure that the person who inputs data is different from the person who checks and approves it.
  • It is also best practice to have a sign-off procedure in place, e.g. a checklist document that records who processed the payroll data and who checked it, so that it can be used as an audit trail.
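As an added illustration (not part of the original article), the following Python sketch shows how points 2 and 4 above can be enforced in software rather than by procedure alone: each role sees only the employee fields it needs, the person who prepares a payroll run cannot also approve it, and every action is written to an audit trail. The role names, field names and employee records are constructed for the example, and in a real system the caller's role would come from the HR or identity system rather than being passed in by the caller.

```python
"""Need-to-know access and preparer/approver separation for a payroll run.
Added example, not code from the original article. Roles, fields and the
employee records are constructed; a real system would take the caller's role
from the identity/HR system, not from the caller."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Which employee-data fields each hypothetical role is allowed to see.
ROLE_FIELDS: Dict[str, set] = {
    "payroll_clerk":    {"employee_id", "name", "tax_code", "gross_pay", "bank_account"},
    "payroll_reviewer": {"employee_id", "name", "tax_code", "gross_pay", "bank_account"},
    "line_manager":     {"employee_id", "name"},  # no pay or bank details
}

# Constructed sample records (not real people or real account numbers).
EMPLOYEES = [
    {"employee_id": "E001", "name": "A. Example", "tax_code": "1250L",
     "gross_pay": 3200.00, "bank_account": "00000000"},
    {"employee_id": "E002", "name": "B. Example", "tax_code": "BR",
     "gross_pay": 2750.00, "bank_account": "11111111"},
]


class AccessDenied(PermissionError):
    """Caller's role may not perform this action or see this data."""


class SegregationViolation(ValueError):
    """The preparer/approver split would be broken."""


@dataclass
class AuditEvent:
    when: str
    actor: str
    action: str
    detail: str = ""


@dataclass
class PayrollRun:
    period: str
    records: List[dict]
    prepared_by: Optional[str] = None
    approved_by: Optional[str] = None
    audit: List[AuditEvent] = field(default_factory=list)

    def _log(self, actor: str, action: str, detail: str = "") -> None:
        # Append-only trail of who did what and when (UTC timestamps).
        stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
        self.audit.append(AuditEvent(stamp, actor, action, detail))

    def view(self, actor: str, role: str, employee_id: str) -> dict:
        """Return only the fields the caller's role is entitled to see."""
        allowed = ROLE_FIELDS.get(role)
        if allowed is None:
            raise AccessDenied(f"role {role!r} has no access to employee data")
        record = next((r for r in self.records if r["employee_id"] == employee_id), None)
        if record is None:
            raise KeyError(employee_id)
        self._log(actor, "view", f"{employee_id} role={role}")
        return {k: v for k, v in record.items() if k in allowed}

    def prepare(self, actor: str, role: str) -> None:
        """Input step: only a payroll clerk may prepare the run."""
        if role != "payroll_clerk":
            raise AccessDenied("only payroll_clerk may prepare a run")
        self.prepared_by = actor
        self._log(actor, "prepare", self.period)

    def approve(self, actor: str, role: str) -> None:
        """Check step: a different person, in the reviewer role, signs off."""
        if role != "payroll_reviewer":
            raise AccessDenied("only payroll_reviewer may approve a run")
        if self.prepared_by is None:
            raise SegregationViolation("run has not been prepared yet")
        if actor == self.prepared_by:
            self._log(actor, "approve_refused", "same person prepared and approved")
            raise SegregationViolation("preparer cannot approve their own run")
        self.approved_by = actor
        self._log(actor, "approve", f"prepared_by={self.prepared_by}")


def demo() -> PayrollRun:
    """Walk through the controls and return the run so its state can be inspected."""
    run = PayrollRun(period="2020-09", records=EMPLOYEES)
    run.prepare("alice", "payroll_clerk")
    try:
        run.approve("alice", "payroll_reviewer")  # alice holds both roles, still refused
    except SegregationViolation:
        pass
    run.approve("bob", "payroll_reviewer")
    return run


if __name__ == "__main__":
    for ev in demo().audit:
        print(ev.when, ev.actor, ev.action, ev.detail)
```

The two checks that matter are small: `view` filters the record by role before returning it, and `approve` compares the approver against `prepared_by` rather than trusting the approver's role alone. The audit list is the in-memory equivalent of the sign-off checklist; in production it would be written to storage the payroll team cannot edit.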

5. Use secure methods of communication

  • If you outsource to a payroll provider, make sure your data is shared with them in a secure way, and agree that method in writing.
  • A secure communication portal, with data encrypted in transit and at rest, is a strong way to improve data security: only named users can log in to review employee data, and the portal records who accessed what.
  • If you must send payroll data by email, put the employee data in a separate attached document rather than in the body of the email; the body cannot be protected, and is easily quoted or forwarded.
  • Password-protect (encrypt) any document shared by email, and share the password with the recipient through a different channel, such as a phone call or text message, never in the same email or a follow-up email.
  • Ensure your staff know never to disclose employee information in response to a phone call from a third party. Even if the caller claims to be from a governing body or the police, personal employee data should never be disclosed over the phone. Any such request should be made in writing to your payroll or HR department, where it can be verified before anything is released.

6. Review data handling processes regularly

  • Regular reviews of your processes reduce the chance of data breaches or inaccuracies, and catch access that is no longer needed.
  • Internal audits are a good way to confirm that staff who handle employee data are following the correct procedures and the requirements of the GDPR and the UK Data Protection Act 2018.
  • Employers can also commission external audits, or seek certification to demonstrate that they meet recognised requirements. ISO 27001, the information security management standard, drives improvements in process and shows employees and potential clients that such data is handled correctly.
  • If you outsource your payroll, check that your provider meets these standards and ask to see the evidence.

These are just a few ways to improve the accuracy and protection of sensitive payroll information; there are many others to consider. By keeping up to date with the GDPR and UK data protection law, and by ensuring regular checks are carried out both internally and with third parties, employers can proactively safeguard their employees' data.

For more information on protecting your employee data or any concerns you have about your process, please contact Simon Balaam.