PART 1: DATES, DEFINITIONS AND OBLIGATIONS
Transitional periods Prior to 23rd October 2001 manual data subject to processing before 1998, was exempt from the data protection principles and certain other aspects of the Act. The second transitional period was between 24th October 2001 and 23rd October 2007. During this period eligible data which was held before 24th October 1998 was exempt from the first data protection principle (with some exceptions) and the second, third, fourth and fifth principles. COPYRIGHT © 2021 THE CHARTERED INSTITUTE OF PAYR LL PROFESSIONALS Hence since 23rd October 2007 all computer and paper records within a ‘relevant filing’ system i.e. arranged in a structured set of information, specific to the individual and readily accessible are covered. N.B. A Code of Practice to assist employers in implementing the 1998 Act was made available. This code is now no longer available as a consequence of the new 2018 Act. The Data Protection Act 2018 Implemented on 25 May 2018 this has been stated by the Information Commissioner’s Office as “the biggest change to data protection law for a generation.” In practice it is DPA+ with which employers have to comply. Most of the principles applied by payroll processors from previous legislation remain in place. One of the main changes for employers is that ICO guidance has been elevated from best practice to legislative status and has led a radical shake up of the terminology and format of DPA guidance. Each data processor has been required to compile a statement of all the processes carried out by the organisation which have personal data implications with details of how that is being carried out and who is responsible for the different stages of that process. For employers who use third parties to process their payrolls this has involved compiling joint statements regarding the approach and attitude towards data protection and processing of personal and sensitive data. Subject access and rights have changed substantially in that the 40 day deadline for responding to a subject access request, as required by the DPA 1998, is now one calendar month and the charge of £10 towards disclosure has been abolished. No printing, copying or reproduction permitted. Data subjects, i.e. employees and increasingly external contractors who find themselves on a payroll, have the right, from 25 May 2018, to rectification of any data they consider to be inaccurate. Whilst data subjects now have the right to restrict processing and gain the right to be forgotten, it is unlikely that such rights will be an issue for payroll and pensions processing. It has been recommended that as part of their statements regarding compliance with the new act employers ought to set out the limits in respect of such rights, or to announce they will comply with such rights but point out the serious financial implications should an employee attempt to exercise these rights. The act implements in full the general data protection requirements of the EU.
68
Made with FlippingBook - Online magazine maker