Is your Payroll Data GDPR Compliant?
While companies have quickly adapted their marketing activities to accommodate the provisions of GDPR, many are less aware of the implications the regulations have on the way they store data, including payroll data.
Nigel Stapleton, CBR Business Solutions’ Payroll Manager, explains: ‘It is important to understand not only what data to hold about your employees but for how long to hold it. In our case, data must only be relevant to meet the requirements of a customer’s payroll so we are not allowed to hold data pertaining to, for example, a member of staff’s training or CPD activities.
‘It is also one of the principles of GDPR that companies must not keep personal data for longer than they need it, so we must all think about – and be able to justify – how long we keep personal data. HMRC advise that the minimum retention period for payroll data is three years prior to the current PAYE year, and that is the principle by which CBR Business Solutions operates for our payroll clients.’
However, Nigel also advises customers that other purposes, such as HR, do require data to be retained for longer periods, so companies should check what the rules are for different aspects of their business.