GDPR Data Payroll Guide
What is Sensitive /Personal data from a payroll perspective under GDPR?
There are 2 types of data under GDPR, sensitive data has the most restrictions for processing and personal data is more common. Please remember to never send either type of data via an unsecured method, such as email after 25th May 2018. Please also keep any such data you hold on your own hard drives/servers in a secure way.
Under GDPR the definition of sensitive data is as follows –
“Data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.”
What sensitive data should and shouldn’t we send to Meacher-Jones?
There are few circumstances where we would have legitimate reason to process any sensitive data. If you do collect any of the above as part of your HR records, please do not send it to us, except for;
- Fit/sick notes, you have a legal obligation to prove you have correctly paid SSP.
- Trade union membership – If you deduct a membership fee from pay, then the employee should have provided express consent to process that data.
What is the GDPR definition of personal data?
“Any information relating to an identified or identifiable natural person.” The legislation clarifies this as “an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location number, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
In simple terms, everything about employee’s personal lives.
What personal data should and shouldn’t we send to Meacher-Jones?
The main area of concern is new employee forms, your new employee form may for example contain information on prior criminal convictions or disability, we do not need this information so it should not be sent to us.
Personal data we will need for the legal obligation to process payroll consists of;
- Full name
- Date of birth
- National Insurance Number
- Email address
- Employment status
- Prior employment details (P45 or new starter declaration)
- Student loan details
- Working pattern
- Payment/deduction details
- Limited pension details
- Limited absence details, such as dates and high-level descriptions i.e. “Unpaid leave” or Maternity forms.
- Start/leave dates
- Tax status
If you have a query regarding a data request please contact the office on 01244 401001.
What They Say
I’ve been dealing with Meacher-Jones for a number of years now and Matt Cardus is a pleasure to converse with. He is efficient and thorough in his work and a real credit to the company. Never too busy to help me with the smallest and sometimes larger queries, and always with a smile.
If you want to know more about how we can help you please use the form below.
Our newsletters provide relevant accounting and tax news along with relevant tax date reminders.