GDPR and Payroll Manager
The General Data Protection Regulation (GDPR) was adopted by the European Parliament in 2016 and came into force throughout the EU on 25 May 2018. GDPR replaces the Data Protection Directive (95/46/EC), which is implemented in the UK through the Data Protection Act 1998 (DPA). There are many similarities between the GDPR and the DPA but there are different requirements for those who have day-to-day responsibilty for data protection.
The GDPR is complex and employers / agents should seek guidance specific to their data processing practices, where necessary, and look out for further guidance from EU and UK regulators on implementing the GDPR requirements in practice. Please see the ‘Links‘ section at the bottom of this page for more information.
This guide is intended to provide you with pratical information specific to the operation of Payroll Manager to help you comply with both the DPA and the GDPR.
Many employers choose to issue their employees with electronic payslips, and Payroll Manager provides a mechanism for doing this by producing ‘pdf’ copies of the payslip which can then be sent via email to the employee. DPA / GDPR does not prevent you from doing this, but it is important that the pdf payslip is password protected, and this can be achieved as follows:
If you use Payroll Manager to generate payslips and send emails directly then you can ensure that they are password protected by following the steps below:
- Click ‘Employees‘ then ‘Employee Details‘ from the main menu in Payroll Manager and click on the ‘Personal‘ tab.
- Enter a password in the ‘PDF password‘ field towards the bottom of the window and click ‘OK’.
The prescence of a password in this field ensures that all pdf payslips sent by email directly to this employee will be password protected. When deciding on a suitable password to use you should design a suitable method so that the password will only be known by the employee themselves and to the person initially entering it onto the system.
If instead of sending emails directly through Payroll Manager you use the software to create pdf copies of the payslip and then manually compose and send emails to employees from outside of the payroll system (e.g. if you use Outlook, Thunderbird or other email client or webmail system to generate and send the email) then there is a further step that you need to take to ensure that the pdf document that you attach is password protected.
- Click ‘Tools‘ and then ‘Setup‘ form the main menu in Payroll Manager.
- Tick the box marked ‘Add passwords to saved PDF files‘ and click ‘OK‘.
This ensures that all pdf documents specific to the employee will be password protected using the password specified on the Employee Details screen.
NOTE: Some users choose to send payslips and other documents via email directly to the employer (rather than to the employee). In such cases you can password protect the pdf documents in a similar way to that described above, by making sure that you have specified a password in the ‘Employer – Employer Details – PDF password‘ field.
NOTE: Some external companies offer a ‘Secure Online Employee Payslip’ facilty whereby each payslip is published on a secure website and then downloaded by the employee. One such company is PayDashboard who offer a paid-for service. Payroll Manager is able to produce an output file in the format required by PayDashboard. For more details about contracts, pricing and availability please contact PayDashboard directly as Moneysoft is not party to this information.
Payroll Manager data files
Payroll Manager stores the payroll information for a complete tax year for a particular company in one single data file. You should ensure that this data is held securely on your system so that it is only available to those that have a genuine requirement to access that data. How you choose to do this is beyond the scope of this guide, however you should be aware that it is possible to password protect a Payroll Manager data file from within the software itself which will help you keep your data safe.
- To password protect a file, first open it within Payroll Manager (e.g. click ‘File‘ then ‘Open‘ from the main menu).
- When the file is open on the screen, click ‘File‘ then ‘Utilities‘ then ‘Password‘ from the main menu.
- Type in your chosen password and click ‘OK‘ to save this password.
- Each time that the file is opened, Payroll Manager will prompt you to enter the password. Please note that the password is specific to that particular data file and that it is impossible to open this file without entering the correct password. Moneysoft are not able to advise you as to what your password might be should you forget it!
Payroll Manager Data files contain personal information about each employee, and also contain details such as your User ID and Password for online filing to HMRC. You should therefore take measures to ensure that these files are stored securely on your system and are never passed on to third parties.
CSV files, BACS payment files, and other reports that you may produce / store during you operation of Payroll Manager.
During the normal use of Payroll Manager you may be producing ‘txt’ or ‘csv’ files from the software for transmission to a third party (e.g. a ‘BACS Payment File’ to instruct your bank to make payments to employees or a ‘Pension Upload File’ to inform the pension provider of employee and employer pension contributions.) These files contain personal employee data and you should take measures to guard against unauthorised access to them whilst they are on your computer. Payroll Manager can reproduce these files at any time so there is no reason to store them permanently on your system once they have served their purpose.
If you act as a payroll agent you may from time to time send txt/csv files via email to your client. Please be aware that due to the nature of txt/csv files they can not be password protected in the same way that a pdf document could be, so you should takes steps to ensure that these files are transmitted in a secure fashion. You might consider using third party software such as ‘WinZip’ or similar to encrypt these files before attaching them to an email.
A few of our Payroll Manager users have asked whether or not the data stored in their RTI returns is secure. RTI information is sent to HMRC using Hyper Text Transfer Protocol Secure (HTTPS). The ‘S’ at the end of HTTPS stands for ‘Secure’, which means that all communications between Payroll Manager and HMRC are encrypted. The submission of RTI returns is not impacted by GDPR.