CIPP Payroll: need to know 2018-2019

“There are 5.4 million businesses in the UK that employ fewer than 250 people. When it comes to data protection, surveys show they tend to be less well prepared. We know that most businesses want to get things right but often struggle to find the key steps to get started. They also have less time and money to invest in getting it right. They may not have compliance teams or data protection officers or access to legal advice. The businesses may be small but they still hold important personal information and the need to gain the trust of their customers is just as real.”

Organisations that have yet to begin preparing for the GDPR can access a range of resources on the ICO’s dedicated data protection reform web pages.

By the end of the year, the ICO will publish a Guide to GDPR. It expands the content of the current overview to make it a comprehensive guide along the same lines as the current Guide to Data Protection.

CIPP comment

With only 7 months until GDPR comes into force, take a worthwhile half hour to find out the key areas of change from the Data Protection Act and what you should be doing to prepare.

CIPP webcast on General Data Protection Regulation (GDPR)

The CIPP also run a half day training course which will help delegates understand and prepare for the changes, including how they affect payroll and HR functions, so that they can help their organisations become fully compliant by May 2018.


EU guidance on GDPR data breach and profiling 27 October 2017

The Article 29 Working Party – the group of EU data protection authorities charged with agreeing European-wide guidance on General Data Protection Regulation (GDPR) – has published guidelines on profiling and breach reporting.

The breach reporting element is certainly relevant to payroll and pension departments and employers in general. The GDPR introduces the requirement for a personal data breach to be notified to the competent national supervisory authority and, in certain cases, for the breach to be communicated to the individuals whose personal data have been affected by it.

Full details and links to guidelines can be found in the Information Commissioner’s Office (ICO) blog.

Guidelines on administrative fines that were adopted earlier this month will also be published shortly.

Consistency across the EU is one of the fundamental drivers of the GDPR and, as the UK member of the Article 29 Working Party (WP29), the ICO is either leading or assisting in the development of guidance on some of the main aspects of the law.


Website privacy notices found to be inadequate 1 November 2017

Organisations need to be more open, honest and transparent in their online privacy notices about how they handle people’s personal data, an international study has found.

A review of 30 UK websites by the Information Commissioner’s Office in the retail, banking and lending, and travel and finance price comparison sectors found that data protection and privacy notices were often inadequate. Problems identified in the operation included the following:

The Chartered Institute of Payroll Professionals

Payroll: need to know

cipp.org.uk