Is your organisation GDPR compliant when it comes to payslips?
Published: 19th April 2021
There’s a legal requirement for employers to provide all of their employees with a payslip either prior to being paid or on the day they are paid. These payslips can be printed or paper versions that are posted to employees’ home addresses or handed to them, emailed to employees, or shared with employees via a secure online system.
Of course, payslips are highly confidential as they have employees’ personal information on them. Employers are responsible for ensuring that this information is stored in a safe and secure way and that no data breaches take place. Although GDPR is an EU regulation, the UK government has incorporated it into UK data protection laws, meaning organisations must comply or face consequences.
Data breaches where employees’ personal data or information is compromised are incredibly serious, and if employees feel they have suffered damage as a result of a data breach, they have a right to report their employer to the ICO.
The method of distributing payslips that is most open to data breaches is undoubtedly sending them by post to employees at their home addresses. It would be easy to mistakenly send a payslip to an incorrect address, a previous address or something similar.
When employees receive payslips via email, these can also easily be intercepted if the right technical systems are not put in place. Emails can easily be hacked, be sent to the wrong addresses, or end up in spam folders and not be seen at all.
The form of distributing payslips that is safest from data breaches and thus most GDPR compliant is for organisations to provide employees with remote access to a secure system where they can view new and old payslips. This will ensure the secure distribution of payslips, without many of the data breach risks of other methods.
As members of the REC, Brewster Partners take all data and GDPR seriously. Ensuring data is held safely and securely, we have recently been re-accredited with Cyber Essentials. This means we’re recognised as being best protected against any potential cyber-attacks and demonstrates our commitment to storing and protecting data in the appropriate way, giving both clients and candidates peace of mind.