Don’t Fall Down On Your Data Protection
We might be one year on, but GDPR is just as important as it was last May.
It’s been just over a year since the General Data Protection Regulation came into force on the 25th May 2018. The new legislation caused stress and turmoil throughout the UK and EU, with businesses of all sizes racing against time to ensure that their data processing and handling procedures complied with the new directive. Data Protection Officers were appointed, call lists were cleansed and most of us made it.
However, just because the deadline has passed doesn’t mean that data protection should take a backseat. If the run-up to GDPR taught us anything, it’s that just because you’ve achieved compliance doesn’t mean you’ve maintained it.
Between 25th May 2018 and 31st January 2019, 11,600 Data Breach Notifications were submitted to the ICO. Meanwhile, in Germany, just 3,326 breaches were reported to their Data Protection Authority. In addition to this, 33,089 GDPR complaints were submitted to the ICO alone over the same period, a figure that doesn’t include separate data protection lawsuits or data-related criminal investigations (GDPR Today, 2019). This suggests that UK organisations still have some way to go in terms of meeting optimum compliance and data handling standards.
Despite no fines being issued under GDPR in the UK as of yet, the ICO has said that penalties are “coming soon”, and added that it wanted UK organisations “to focus on how data protection law can help firms get it right…rather than how they might be punished if they get it wrong” (BBC, 2019).
So, how can firms ensure that they’re on top of their data protection responsibilities? Understandably, airtight processing doesn’t happen overnight, but there are small steps that can be taken to make large leaps towards achieving compliance.
The IRIS Payroll Professional MyePayWindow enables your firm to securely process information and sensitive personal data, all via an encrypted online portal.
What’s the safest way to process personal information?
It’s simple really: with as few people handling it as possible! Data breaches are often a result of human error, an aspect of accounting that can never be completely avoided; however, the chances of it occurring can be greatly reduced. Our MyePayWindow is an encrypted online portal, with two-factor authentication and UK-based hosting, that allows you to digitally transport your clients’ employees’ payslips, P60s, P11Ds and Automatic Enrolment communications in an encrypted format for their eyes only. The portal is a self-service system, reducing the instances in which your team handle sensitive information. Clients and their employees are able to self-serve whenever they require, with unlimited 24-hour access and the ability to self-manage their forgotten usernames and passwords, making sure that their personal access information is only ever seen by them.
With all pay information stored within the MyePayWindow portal, employees are able to access historic pay information and pension communications, whenever they need them.
Keeping data tidy
When everything’s a mess, or simply overcrowded, it’s easy for things to get lost or misplaced – and the same applies to your data storage! Holding data that you no longer need opens you up to an increased chance of a GDPR complaint, and if a data breach were to occur, it could end up much larger than necessary.
The IRIS Payroll Professional MyePayWindow runs a number of automatic deletion routines (we like to think of it as spring cleaning your data), so that once an employee leaves their employer’s organisation, their personal information and account are automatically deleted, making sure that you’re complying with Article 17 of the GDPR without even trying.
What’s more, MyePayWindow automatically cleanses documents and payslips from the system after set periods:
• Payroll reports are deleted three months after the initial upload date.
• Employee Automatic Enrolment communications are deleted 12 months after the initial upload date.
Why is keeping on top of your data so important?
Aside from the risk of being fined up to €20,000 or 4% of your annual global turnover, there’s other lasting damage that could plague your organisation, with potentially longer term effects.
Reputational damage can cause long term problems for organisations, and in some cases, wipe them from existence. Lest we forget Northern Rock, the British bank that became a beacon of bad reputation, to eventually be bought out by Virgin Money, ensuring its survival.
Reputations continue to be a major driver for corporate value in the UK. As of January 2018, they were responsible for £1,062 billion of market capitalisation across the FTSE 350 (Reputation Dividend, 2018), and this reputational importance is no different for UK Accountancy Practices and Payroll Bureaux.
Depending on the size and severity of a data breach, an organisation may be faced with a lawsuit, alongside an ICO investigation, adding to existing financial pressure and reputational damage.
After a public data breach, or failure to comply with data protection directives, an organisation will likely experience a loss of clientele, due to a reduction in trust and a concern for their own assets and data security. In addition to the initial aftershocks of a data breach or investigation relating to non-compliance with GDPR legislation, losing customers would seriously affect a firm’s bottom line, a position that no UK Accountancy Practice or Payroll Bureau wants to find themselves in.
If you’re interested in discovering how IRIS Payroll Professional MyePayWindow can benefit your organisation, call our Payroll Team on 0345 0573 708.