Are you ready for GDPR?
Another day, another acronym. If IR35 wasn’t enough of a challenge to get your head round, now there’s GDPR to contend with. And it’s causing quite a stir.
Put simply, the General Data Protection Regulation (GDPR) strengthens and unifies data protection for all individuals across Europe. In reality, it’s a little more complicated!
The good news is, Payme is all over it! We’re getting our house in order to ensure we’re fully compliant by the time it comes into force on 25 May 2018. Here’s how:
- A dedicated Data Controller has been appointed to take responsibility for the security of our data
- We’re updating our BACS Payment Software to guarantee the protection of our payment data
- We’re implementing an enhanced data protection policy
- We’re conducting staff training to ensure all our employees are up to speed with how GDPR impacts on our registration and payment processes
- We’re obligated to keep payment/financial records for 6 years plus the current tax year – HMRC rules supersede those of GDPR. Therefore, the right to erasure (deleting personal information) does not apply.
If, as an agency, you are complying with the rules laid down in the Data Protection Act (as we are), you’re already halfway there. GDPR simply builds on those rules. However, the fines are hefty if you get it wrong. Here are the key things your GDPR policy needs to cover:
- the intent with which any data is accessed and used – and that it is for specified and legitimate purposes only
- that data is relevant and limited to what’s necessary
- that you gain consent from the worker before processing any personal data and are able to demonstrate/record this consent. Some recruitment software companies are building additional “Consent Received” flags into their systems
- who in your business is responsible for data security
- what due diligence is carried out on any third party that might be handling data on your behalf.
If you have any questions about our registration process in relation to GDPR then please call Alison Jolly on 0333 200 0845.