How to make sure that your payroll is GDPR compliant

8 April 2019


Payroll GDPR policy is something that businesses simply can't afford to ignore. Data protection has always been an important subject but now, particularly given the new GDPR regulations that have been put in place, companies cannot afford to cut corners. 

What is GDPR?

GDPR, or the General Data Protection Regulation, became law on the 25th of May 2018; however, despite the significant publicity it received, many major European companies struggled to make sure that their businesses were compliant before the deadline.


GDPR affects how all European businesses look after their data. This includes how they process it, as well as how they store it. The new data protection regulations affect every citizen in the EU, and apply to every company operating within the region.

Will my company need to be GDPR compliant after Brexit?

Brexit complicates matters further. When the UK leaves the EU, it will be classed as a “third country” and so passing data between the UK and the EU may become more difficult. This will have a particularly large impact on many Irish companies, due to the border with Northern Ireland, and the flexibility that they currently have with the UK.


As it stands, we still don’t really know what GDPR after Brexit will look like. However, the UK will eventually need to set up its own agreement with the rest of the EU on how it manages data.


The EU will need to determine whether the UK has a robust data protection policy in place, as it will be seen as a “third country”. It is likely that, in order to maintain smooth business transactions with the EU, the UK will still follow the regulations as set out in GDPR.


As these regulations are already in place, it is unlikely that there will be any drastic changes in the near future. 

Payroll and GDPR 

GDPR affects anything that uses personal data, including payroll. GDPR has increased the responsibilities of the people who process data, meaning that compliance is no longer solely in the hands of the controllers. A GDPR-compliant payroll bureau now has several statutory obligations it must follow under its payroll GDPR policy.



GDPR means that there is an increased number of mandatory terms that must be included in contracts between a controller and a processor. Everything must be laid out in detail, and only the data specified in this contract can be collected.


International Relations

We’ve already mentioned that Brexit may affect this. Under GDPR regulations, you can’t transfer your data internationally unless the country you are sending it to meets certain EU regulations.


Payroll Software Companies

As a business, it is your duty to ensure that the payroll software you use is GDPR compliant. When GDPR came into force, many of the contracts for different software providers needed to be updated. In order to reassure companies of the internal security at PayFit, we were amongst the first companies to become fully GDPR compliant ahead of the May cut-off date. 

✅ Top five actions for Data Protection 

Make sure employees know what data you have

Under GDPR, the data you have on an employee should be completely transparent. You may have to respond to requests for an employee’s data to be changed or even deleted.

Consolidate the data – get rid of anything you don’t need

In order to be compliant, data should be stored in one place. This will make it easier to view and to get rid of anything that is no longer needed. As you can no longer collect information unless it has a purpose, any data that doesn’t have a specific use needs to be deleted in a secure manner.

Employees must opt-in

Employees must agree to any data you collect. Under GDPR, you can’t assume that an employee agrees to anything when it comes to their data. The same is true for marketing emails. Clear permission must be given that a customer, or a potential customer, wants to be contacted.

How the employee receives their payslip

Under GDPR, you can continue to send out payslips to employees by post or by email – so long as appropriate security measures are put in place. However, it is recommended that this is moved to a password-protected, online system.


Due to GDPR, many payroll providers are looking to adopt this service. A self-service option will allow employees to easily view all of their data in one place, and even provide visibility of other information, including remaining annual leave. Providing easy access to data you hold is part of the new GDPR compliance. 

Use GDPR compliant payroll software

GDPR-compliant payroll providers can help you become compliant in no time at all. They have increased security as well, and will generally employ password-protected systems that are easy for employees to access. It also means that data belonging to both employees and clients is consolidated in one place. It is easy to upload documents and remain completely secure.


PayFit can automate your payroll processes, regardless of their complexity. The app can help you to manage your NI contributions, pension payments, and taxes, all while remaining 100% GDPR compliant.

Keen to find out more about it? Book a demo with us today!