All employers will use some form of payroll software to hold and use their employees’ personal data. Employees will usually provide personal data to their employer at the beginning of their employment, as well as through certain legal documentation such as a P45. It is your employer’s strict responsibility to handle your personal data carefully and comply with data protection laws such as the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).

What counts as personal data?

Personal data includes everything from your name and contact details to your payment details and tax information. Employees with particularly sensitive personal data, such as employees who belong to a trade union, will need to receive an even greater level of protection from their employer.

How data protection laws protect your personal data

Due to the sensitivity of your personal data, and the laws which govern the way your employer handles and uses this data, employers are legally required to abide by a set of principles when handling your personal data for payroll purposes. The following principles are intended to provide employees with confidence that their personal data is being handled with the strictest care.

Lawfulness, fairness, and transparency

Compliance with the law should always be of the utmost importance when handling sensitive personal data.

Purpose limitation

In the case of payroll, an employee’s personal data is collected strictly for the purposes of paying the employee and making the correct tax deductions. This must be the only reason this data is used by payroll administrators.

Data minimisation

Only the necessary data should be collected by payroll administrators for the specific purpose of carrying out payroll functions.

Accuracy

The personal details held and used by employers must be kept up to date as far as this can reasonably be done. Data must also be accurate to avoid any errors in data handling.

Storage limitation

Sensitive personal data must be securely destroyed once it is no longer needed. However, personal data can be kept in accordance with the accounting rules on the retention of payroll records.

Integrity and security

Employers must have a secure system in place for storing sensitive personal data. These systems should be well-maintained to prevent cyber threats and other digital risks.

Accountability

By collecting, handling, and using sensitive employee data, employers accept responsibility for complying with these data protection principles and must keep safe, thorough records to demonstrate this.

Pro Drive IT are a Woking-based IT company providing a range of IT services including IT support, IT audits, strategy, and cyber security across Surrey and beyond. Our friendly team provides specialist, bespoke IT services that cover a range of business sectors, budgets, and use cases. Whether you need IT support in Surrey or you are based in London or across the South East, we can help.