General Data Protection Legislation (GDPR) and Moneysoft Ltd
It has always been a policy of Moneysoft to collect as little personal data as possible in order to provide software to our customers. In normal circumstances the only data we will have asked for are those required to provide an invoice (e.g. name, address, email etc.). We never share this data with third parties; nor do we ever use it to send unsolicited or marketing emails.
In readiness for the General Data Protection Regulation (GDPR), which comes into force on 25 May 2018, Moneysoft have conducted a thorough review of our data collection and retention policies and have also published a number of guides designed to help our customers with their own GDPR preparation.
It is important for us to point out that Moneysoft does not have access to any of the data files that you use to process your payroll or accounts. These data files are (by default) stored locally on your own computer systems (or other location of your own choice) and are never stored on any Moneysoft systems or servers. You remain responsible for the accuracy and security of these files and should take the necessary steps to prevent any unauthorised access to this data.
Steps we have taken in readiness for GDPR:
Moneysoft have been actively working on our GDPR strategy for a number of months and have taken specialist legal advice in order to help us become compliant with this new legislation. Some of the actions that we have taken so far are as follows:
- We have undertaken a comprehensive ‘Information Audit’ to assess what personal information we hold and to identify any ‘risk factors’ regarding the processing and retention of data.
- We have updated our own internal Data Retention Policy and associated documents.
- We have updated our Privacy Notice to give detailed information about what items of data we collect from our customers, the purpose for which this is used, and where and for how long this data is stored.
- We have updated our software End User Licence Agreement (EULA) to provide further clarity regarding our software support policies.
- We have carried out comprehensive staff training to cover all aspects of our new GDPR related policies and procedures.
- We have published a guide on GDPR and Payroll Manager to assist our customers with their own GDPR compliance (covering areas such as password protection of PDF payslips and of Payroll Manager data files).
- We have added the facility in our Payroll Manager software to produce an ‘output file’ that can be used to upload payslip and other information to ‘Pay Dashboard’, who provide an online portal for employee payslip delivery. Note: Pay Dashboard are a third party company who charge a fee for this service.
- We have introduced an Anonymous backup facility within our Payroll Manager software so that customers who wish to send us a copy of their data file for investigation during support issues can do so without including any personal data.
- We have conducted a review of the security of the systems used to host our online ordering system, which are operated by a UK company with servers in the UK.
- We have updated our policy on dealing with Subject Access Requests and have carried out staff training to deal with such requests.
What should I do if I am unsure about the impact of GDPR on my own business?
We would encourage our customers to seek their own legal advice if they are unsure about the implications of the GDPR on their businesses. There is also a large amount of information about GDPR available from the UK’s Information Commissioner’s Office (ICO). A good starting point for those who wish to learn more is the GDPR – 12 steps to take now document available on the ICO website.
Specific guidance for users of our Payroll Manager software
For details of the practical measures that you can take to assist with your own GDPR compliance when using Payroll Manager please refer to our GDPR and Payroll Manager guide.