How to make sure that your payroll is GDPR compliant



23 April 2019


Payroll GDPR policy is something that you can’t ignore. Data Protection is vitally important now that these new regulations are in place. Your business, as well as your payroll software, needs to step up to the mark in order to stay compliant.

What is GDPR?


GDPR, or General Data Protection Regulation, became law on 25th May 2018, and many companies in the EU struggled to make sure that their businesses were compliant before this date.


GDPR affects how all European businesses look after their data. This includes how they process it, as well as how they store it. These new data protection regulations affect every citizen in the EU, and apply to every company operating within the EU.


Brexit complicates matters further. When the UK leaves the EU, it will be classed as a “third country” and so passing data between the UK and the EU may become more difficult. This will have a large impact on many Irish companies in particular, due to their border with Northern Ireland, and the openness they currently have with the UK.

Will my company need to be GDPR compliant after Brexit?


As it stands, we still don’t really know what GDPR after Brexit will look like. However, eventually the UK will need to set up its own agreement with the rest of the EU on how it manages data.


The EU will need to determine whether the UK has a robust data protection policy in place, as it will be seen as a “third country”. It is likely that, to keep business with the EU as smooth as possible, the UK will still follow the regulations as set out in GDPR.


These regulations are currently in place, so after so much time ensuring compliance across businesses, there won’t be another drastic change any time soon.

Payroll and GDPR


GDPR affects anything that uses personal data, and that includes payroll. GDPR has increased the responsibilities of the people who process data, meaning that compliance is no longer solely in the hands of the controllers. A compliant GDPR payroll bureau now has several statutory obligations it must follow under its payroll GDPR policy.



GDPR means that there are a larger number of mandatory terms that must be included in contracts between a controller and a processor. Everything must be laid out in detail, and only the data mentioned in this contract can be collected.


International Relations

We’ve already mentioned that Brexit may affect this. Under GDPR regulations, you can’t transfer your data internationally, unless that country meets certain EU regulations.


Payroll Software Companies

As a business, it is your duty to ensure that the payroll software you use is GDPR compliant. When GDPR came into force, many of the contracts for software needed to be updated. Payroll software companies were among the first to become fully GDPR compliant ahead of the May cut-off date, in order to reassure companies of their security.


✅ Top 5 actions for Data Protection 

Make sure employees know what data you have

Under GDPR, the data you have on an employee should be completely transparent. You may have to respond to requests for an employee’s data to be changed in some way or deleted.

Consolidate the data – get rid of anything you don’t need

In order to be more easily compliant, data should be consolidated into one place. This will make it easier to view and to get rid of anything that is no longer needed. You can no longer collect information unless it has a purpose. This means that any data that doesn’t have a specific use needs to be deleted in a secure manner.

Employees must opt-in

Employees must agree to any data you collect. Gaining permission is now essential. Under GDPR, you can’t assume that an employee agrees to anything when it comes to their data. The same is true for marketing emails. Clear permission must be given that a customer, or a potential customer, wants to receive these.

How the employee receives their payslip

Under GDPR, you can continue to send employees their payslips by post or by email – so long as appropriate security measures are put in place. However, it is recommended that this is moved to a password-protected, online system. Due to GDPR, payroll providers are increasingly offering this service. A self-service option will allow employees to easily view all of their data in one place, and even see things like what leave they have remaining and any sick days. Ease of access to view the data that you hold on employees is all part of GDPR compliance.

Use GDPR compliant payroll software

GDPR payroll providers can help you become compliant fast. They have increased security as well as using a password-protected system that is easy for employees to access. It also means that both employees’ and clients’ data is consolidated in one place. It is easy to upload documents, and completely secure.


PayFit can automate your payroll, no matter how complicated it is. It can manage NI contributions, pension, and taxes, all while being GDPR compliant.

Do you want to know more about it? Book a demo with us today!

Learn more about PayFit