You may have heard about the General Data Protection Regulation (GDPR) which came into effect on 25th May 2018 and had one of 3 reactions:
- I need to pay attention to this because my company is inside the EU
- I don’t need to pay attention to this because I work outside the EU
- I need to pay attention to GDPR because I employ an EU citizen
In reality, it doesn’t matter where your company is based when it comes to GDPR compliance. If you run a business that employs EU individuals, then GDPR applies to you and this article is worth a read about how KeyPay is helping you manage your employee GDPR obligations.
When it comes to data, GDPR gives the EU individual:
- The right to request their personal data
- The ‘right to be forgotten’
Requesting Personal Data
From a payroll perspective this means that an employee can at any stage, (either during or after employment) request their personal information from their employer.
Rather than scrambling and hustling to find every component, employers can simply download the employee data into a zip file and, hey presto, you’ve got all the employee records in one place including:
- employee details
- date of birth
- start date
- address etc.
- as well as any associated documents including:
- leave requests
- expense requests and timesheets
- photos captured from clocking in/out of shifts
- employee profile pictures and
- pay slips
The Right to Be Forgotten
Similarly, EU individuals have the right to be forgotten… But simply deleting employee data might mess with your payroll reporting and payroll information, and in countries such as NZ and Australia, there is a requirement for businesses to retain employee data for 7 years, while in the EU countries, businesses are required to retain this data for 3 years (after which the EU individual can request deletion).
So KeyPay has factored that all in and built an ‘anonymising employee data’ function, which is only available for terminated employees and should be used with extreme caution. Essentially, it allows businesses to comply with the GDPR regulations, but also with local legislation – it’s not fully deleted, but instead, any personally identifiable information is anonymised, making it impossible to identify the employee. All non-core payroll information (such as timesheet notes, photos captured from clocking in/out of shifts etc) will be deleted.
BE ALERT BEFORE ANONYMISING!
Once you click it, you CANNOT RECOVER!
If you consider the number of EU individuals in your own business, or your clients’ businesses, then GDPR compliance should not be forgotten. KeyPay is just making your working life a whole lot easier.
For a full step by step on performing these functions, check out our comprehensive guide to downloading and anonymising employee data:
Guide for AU
Guide for NZ
Guide for UK