GDPR deadline gone - What now?
If you haven’t already updated existing policies for GDPR or if you haven’t started to look at the implication of the new regulations within your organization, you still have time. GDPR compliance will be an on-going process and therefore will need to be monitored and updated on a regular basis – it will not be just a one-off exercise, so it’s certainly not too late to make a start on those updates to get you on the road towards compliance.
The first thing you should consider is to create an inventory of all the personal data you currently store and/or process, whether that be data belonging to employees, customers or suppliers. This inventory will go a long way in helping you, as you will be able to garner from it any areas that need updating or creation of new procedures to help with meeting the GDPR requirements.
• Employee Privacy Policy - If you have employee’s, does the existing contract detail what data you process on them, with whom and what they’re rights are in relation to that data? If not then you would need to create an Employee Privacy Policy.
• Clean Desk Policy – Do you operate a Clean desk Policy? Whereby data belonging to customers or suppliers is not left out on desks overnight where cleaners/security staff may have access to them.
• Data Processor Agreement - Do you share any employee information with your accountant or pension provider? If so do you have a valid or up to date contract or letter of engagement covering the new GDPR stipulations between data controllers and data processor’s?
Realistically it will be difficult for any organization to ever be fully compliant with GDPR; however once you are not ignoring your obligations under the new rules and have or are in the process of taking steps towards demonstrating compliance this should be sufficient if you ever face a Data Protection inspection.
If you require further guidance on GDPR please see our dedicated support section on our website where you can find on-demand GDPR webinars, FAQ’s and template documents like a Data Processor Agreement.
Bright Contracts has also recently been upgraded to include a new Employee Privacy Policy feature whereby you can tick off another box to prove compliance under the new GDPR regulations. Download a free trial of Bright Contracts here. Book a free online demo of the software.
BrightPay - Payroll and Auto Enrolment Software
Bright Contracts - Employment Contracts and Handbooks
Privacy Policies - A GDPR Requirement.
One of the main principles of GDPR is that Data shall be processed lawfully, fairly and in a transparent manner, these three elements overlap and all three must be satisfied in order to demonstrate compliance.
Employers, as both Data Controllers and Processors, must be able to show how they comply with the new data protection principles and be clear and open with their employees about the processing of data and their rights. The GDPR stipulates that anywhere personal data is being collected, either directly or indirectly, Privacy Notices should be in place, these policies are critical to complying with the transparency obligations in the GDPR. So the introduction of an Employee Privacy Policy will cover the required elements and ensure demonstratable compliance in this regard.
The Privacy Policy should be written in a clear and easily-understandable format and must include;
• What data is processed – name, address, PPS no., bank details, etc.
• How it was obtained – employee detail request form, CV, ROS, etc.
• The ‘legal basis’ for processing the data – contractual necessity, legal obligation, etc.
• Who has access to it and any third parties– HR dept., payroll clerk, pension company
• How it is stored and security – HR system, Thesaurus software, encryptions, etc.
• How long it is kept for –set in company policies or statutory requirements
• The rights of the employee – right to access, rectification, erasure, etc.
• If data is transferred outside the EEA
• Contact details of Data Controller
We have recently upgraded our Bright Contracts software to include a new Employee Privacy Policy feature, so now employers can facilitate the main GDPR principle of lawful, fair and transparent processing of the employee data. We have also updated the Data Protection Policy within the Handbook and the Data Protection Clause within the contracts.
To download a free trial of Bright Contracts, click here.
To request a free online Demo of Bright Contracts, click here.
BrightPay - Payroll and Auto Enrolment Software
Bright Contracts - Employment Contracts and Handbooks
Why am I getting all these emails about privacy??
Lately you may have noticed your inbox bulging each morning with lots of emails with similar subject lines to these;
“Your privacy = our priority” “GDPR Data Protection – Your Data is Safe with us”
“Big Changes are coming” “Opt-In to continue receiving our great updates”
“GDPR update – please don’t leave us!” “We’re keeping your details safe”
New, tougher European regulations around privacy and the use of personal data have now come into force and could see companies hit with huge fines if found to be in breach of the new laws.
In order for personal data to be processed lawfully, the processor must be able to rely on the reasoning being at least one of 6 categories, the main one being Consent. So if you were previously signed up with a company to receive newsletters or emails about special offers, they can no longer continue to send you these without your explicit consent.
Previous Data Protection Legislation allowed for an option to ‘Opt-Out’ as being sufficient means to mark having your consent, however with the new GDPR this is no longer the case. Consent must be ‘freely given’ unambiguous’ and for a ‘specific purpose’. Consent must be easily read and clearly distinguishable from other text and evidence must be collected as to how consent was obtained.
Consent can no longer be assumed and the likes of pre-ticked boxes that would have needed to be unticked if you didn’t want to register are now banned. Also the facility to Unsubscribe must be clear and an easy procedure to follow.
So all the emails you have been receiving, like those listed above, are those companies that you may previously have signed up with, scrambling to cover themselves for GDPR and not wanting to lose you as a possible customer or sale.
For more information on GDPR and how it may affect your organization, please see our dedicated online support documentation here.
BrightPay - Payroll and Auto Enrolment Software
Bright Contracts - Employment Contracts and Handbooks
Do employers need to amend employees' contracts to comply with the GDPR?
No, it is not necessary for employers to amend the contracts of existing employees to comply with the General Data Protection Regulation (GDPR). However if your employment contract includes a data protection clause it will need to be revised for any new contracts created.
For existing employees, employers should issue a new privacy notice to, providing information on the processing of their personal data, which would override any invalid data protection clauses in the contract. The GDPR specifies the information that the employer must provide in the employee privacy policy. The information includes the purposes for which the employer will process the employee's personal data, the legal bases for the processing, information about the retention period and information about the employee's rights as a data subject.
What has Bright Contracts done?
- Updated employment contract: whilst not necessary to update existing employees’ contracts, we have updated the Data Protection contract clause for all new contracts created in Bright Contract.
- Employee Privacy Policy: a new Employee Privacy Policy will be made available to all Bright Contracts customers. The new policy contains all the specific information required under GDPR.
- Data Protection Policy: the handbook Data Protection Policy has been updated and should also be communicated to employees.
Pay in Lieu of Notice (PILON) – Do you need to review your employment contracts?
Changes to the way in which termination payments are taxed came into force from 6 April 2018.
From 6 April all notice pay is to be treated as earnings and subject to tax and national insurance contributions – irrespective of whether or not there is a pay in lieu of notice clause (PILON) in the employment contract, this effectively removes the distinction between contractual and non-contractual PILON.
As a matter of best practice, we would certainly recommend that going forward all employment contracts contain a PILON clause.
In fact, in light of these recent changes, not having a PILON clause now will only leave you at a disadvantage. If you were to process a payment in lieu of notice without a contractual right to do so it could leave you at risk of not being able to rely on any post-termination restrictions such as non-competition clauses and confidentiality. Processing a PILON without a contractual right to do so would be considered a breach of contract. This is because you would be in breach of contract by making the payment and would therefore result in you not being able to rely on any of the other contractual clauses.
Contracts of employment created in Bright Contracts will contain a PILON clause by default.
To book a free online demo of Bright Contracts click here
To download your free trial of Bright Contracts click here
To subscribe to our newsletter click here
BrightPay - Payroll and Auto Enrolment Software
Bright Contracts - Employment Contracts and Handbooks
Tribunal claims up 90% since abolition of fees
The Ministry of Justice (MOJ) has published figures showing a massive 90% increase in single claims lodged at employment tribunals in the last quarter of 2017 compared to the last quarter of 2016 - the Supreme Court ruled tribunal fees to be ‘unlawful’ during last summer and abolished them going forward.
The MOJ has cited the reversal of fees as the cause of this rise in cases, as employees are no longer put off making claims and using the tribunal process.
The most recent quarter has also shown a 467% increase in multiple claims, filed by more than one complainant. Some of the major supermarkets, Tesco, Morrisons and Asda have all faced multiple pay claims in the last few months, with Tesco facing up to £4bn in fines from a single group claim.
With the abolition of the tribunal fees came a refund scheme which saw 3,337 claims processed for refunds of fee payments to the value of nearly £2.8m between October and December 2017. There is four years worth of fee payments that could be claimed for refund, adding to the growing headache that is the whole tribunal fee’s debacle.
All of this is putting significant pressure on the tribunals who had, after the fee’s were originally introduced, reduced staff numbers and had their funding cut, is now having to deal with huge backlogs and delays. The increase in employment tribunal claims since the removal of the tribunal fees indicates just how important it is for employer’s to have in place proper policies and fair procedures in relation to their employee / employer relationship.
To book a free online demo of Bright Contracts click here.
To download your free trial of Bright Contracts click here.
BrightPay - Payroll and Auto Enrolment Software
Bright Contracts - Employment Contracts and Handbooks
GDPR and employee files - What you need to know
The General Data Protection Regulation (GDPR) will come into force on 25th May 2018 changing the way we process data forever. The aim of the GDPR is to put greater protection on the way personal data is being processed for all EU citizens. Personal data can be anything from a name, an email address, PPS number, bank details etc so as you can imagine employers process a huge amount of personal data on a daily basis. So how will the GDPR affect employers in terms of processing employee data?
Consent
Data in the employment context, will include information obtained from an employee during the recruitment process (regardless of whether or not they eventually got the job), it will also include the information you hold on current employees and previous employees. All this information may be saved in hardcopy personnel files, held on HR systems or it could be information contained in emails or information obtained through employee monitoring.
Under GDPR your employee’s will have increased rights around their data.
These rights will include:
• The Right to Access. It’s not a new concept that employees will be able to request access to the data you hold on them. However, there is a new recommendation that where possible employers should provide their employees with access to a secure self-service login where they can view data stored on them. This backs-up the whole concept of transparency and ease of access to data, which underpins the new Regulations.
• The Right to Rectification. Individuals are entitled to have personal data rectified if it is inaccurate or incomplete. This is an existing right and the onus is on the employer to ensure that your employee records are kept up-to-date. To help ensure you maintain up-to-date records, employers should make it easier for employees to update their data.
• The Right to be informed. Employers must be very transparent with employees about what data you hold, why and how long it is held for. Up until now it has been the common practice for many employers to include a standard clause in the employment contract regarding the processing of HR Data, under GDPR that will no longer be sufficient. Employers need to be reviewing their Employee Data Protection Policies and possibly writing new Employee Privacy Policies that go into detail on the processing of employee data.
Employee self service
Under the GDPR legislation, where possible employers should be able to provide self-service remote access to a secure system which would allow employees view and manage their personal data online 24/7. Furthermore, the cloud functionality will improve your payroll processing with simple email distribution, safe document upload, easy leave management and improved communication with your employees. By introducing a self-service option, you will be taking steps to be GDPR ready.
For information on employee files and how long to keep them please see our support page: Record Keeping Requirements
To book a free online demo of Bright Contracts click here.
To download your free trial of Bright Contracts click here.
BrightPay - Payroll and Auto Enrolment Software
Bright Contracts - Employment Contracts and Handbooks
GDPR FAQ's Answered!
The General Data Protection Regulation comes into force on 25 of May 2018. It is legislation with new rules and guidelines on how to protect and process personal data. It is replacing existing data protection regulations that dated back as far as 1988 – obviously pre-dating the era of internet and social media as we currently know it. We are all having to evolve; amending policies and changing how things are done to take into account the new GDPR rules, so here are some of the queries we are receiving into our Bright Contracts support lines on GDPR which you may find useful:
Does GDPR apply to me?
If you are a company in this country, if your company is a sole trader or a limited company, if you have employee’s working for you or customer’s paying you, then you will more than likely hold some form of personal data belonging to them (i.e. a name, an address, a PPS number, a VAT number) If you hold anything that could be classed as personal data then the new GDPR will apply to you.
What is Personal Data?
Personal Data is defined as, “any information related to a natural person or ‘Data Subject’ that can be used to directly or indirectly identify a person.”
It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address. (This is not an exhaustive list by any means) So, do you hold any of that type of information in your company? Of course you do; whether it is your clients, your customers or your employees. Somewhere along the line you will be dealing with personal data.
What rights do employees have under the GDPR?
As Data Subjects*, employees will have new and enhanced rights under the GDPR. The key rights in relation to employees include:
• The right to be informed: this emphasizes the need for transparency in how personal data is used. Employers should now be looking to revise their data protection policies and to implement new employee privacy policies outlining exactly what data is being held on employees.
• The right of access – there are amended rights surrounding an employee’s right to submit a data subject access request. A data subject access request involves an employee requesting to view all data retained on them, this will include data stored electronically and on paper files.
- Time-frame for response has been reduced from 40 days to one month.
- It will no longer be permissible to charge a fee in order to respond to a subject access request.
• The right to rectification: individuals are entitled to have personal data rectified if it is inaccurate or incomplete. In fact it is recommended here that employers take steps to put the onus on employees to update their personal details should they change. For example, authorities will look unfavourably on employers who are communicating with employees through an old address having made no effort to ensure the address is correct. Employers are well advised to include a clause in employment contracts outlining the employee’s responsibility to notify the employer of a change in personal details.
• The right to erasure, also known as the right to be forgotten. The broad principle being that an individual has the right to request deletion or removal of personal data where there is no compelling reason to retain the data e.g. a legal requirement to retain employee data will always be a compelling reason to retain data.
* Data Subject: “an individual who is the subject of the personal data”.
Bright Contracts employee compliant GDPR policies are coming soon!
- If you would like to be notified when they are complete please click here
- For further information register now for our GDPR webinars click here
- Read our GDPR blogs here
To book a free online demo of Bright Contracts click here
To download your free trial of Bright Contracts click here
Bad Weather equals staffing headaches – what can be done?
With the recent bad weather, many businesses across the country have been forced to close or get by with skeleton staff. The question now on most employer’s minds is do they have to pay staff who are unable to come into work, whether because of workplace closure or inability to travel.
Answer
There is no legal obligation on employers to pay their employees if the business was forced to close due to extreme weather conditions or if employees were unable to travel to work due to bad weather. However, it is important to be aware of any custom and practice in the organisation or contractual clause, which may override this position.
The general advice to employers is to be as flexible as possible. The handling of bad weather and travel disruption can be a real opportunity for an employer to boost staff morale and show yourself as an all round fair employer. Possible considerations might include:
- Can you be flexible with regard to working hours or working patterns?
- Is it possible for employees to work from home or even at a different location?
- Would it be possible for the employee to work back the time missed at a later date?
- Rather than deducting pay for time missed you could offer that the employee take annual leave for the time. Whilst offering this as a solution is recommended, enforcing it without the agreement of the employee would not be best practice.
A company policy on absence due to inclement weather should address the situation where employees are unable to attend work, due to weather-related circumstances. Having such a policy should also mean there is much less scope for confusion and disagreement.
An Inclement Weather policy is available within the Optional Sections of the Bright Contracts Handbook.
£250,000 holiday back-pay paid out to construction workers
Over 100 construction workers are to receive an estimated £250,000 worth of holiday pay following a Unite campaign which ruled that voluntary overtime should be included in holiday pay.
Background
Workers across three high profile projects in London were paid holiday pay based on 39 hours a week whereas in reality they often worked 55 hours a week working overtime on Saturdays. The workers have secured payment of between £400 and £1,000 each with further back payments to be received after joining forces to demand their full holiday entitlement.
The construction workers were initially ignored when they brought the issue to Byrnes Bros management, until construction workers at different sites, backed by Unite, joined forces and commenced a campaign which developed into a collective grievance. Management then tried to deal with the grievances individually but workers insisted on a collective remedy to the underpayments. Management accepted that overtime should have been included in holiday pay and Byrne Bros are now in the process of paying each worker what they are owed including back pay.
Learning Points
The decision to accept fault comes as no surprise after the landmark ruling by the employment appeal tribunal in the Dudley Metropolitan Borough Council v Willetts (and others) case in July 2017. The case was the first to confirm that employers must include normal voluntary overtime when calculating holiday pay and it set a legally binding precedent which employment tribunals across the UK are obliged to follow. The pressure is now on for employers who still do not include overtime in holiday pay to urgently reconsider; otherwise they are at risk of being brought in front of the Employment Tribunal.
To book a free online demo of Bright Contracts click here
To download your free trial of Bright Contracts click here
