Technology insight
purely for marketing purposes. Under the GDPR, however, this right is absolute and includes historical, statistical and scientific purposes as well as marketing. ● Automated decisions – An individual has the right to object to their data being wholly processed by automated decision making. As an example, if an employee applies for a role which requires a clean driving licence but has three points on their licence due to come off in a month’s time, they would want the opportunity to confirm this via human interaction and not be removed from the recruitment process because an automated decision would remove them for having those points. Consent and other lawful bases The roundtable covered the lawful bases for which data can be collected and held. Though there has been a lot of discussion regarding consent with regards to GDPR, there are six lawful bases for processing individual data. ● Legal obligation – You are required, by law, to process the data. ● Contractual obligation – You have an employment contract with an individual
and have clearly outlined why the data is being processed; this is the most important basis for payroll and human resources. However, you need to consider what is required under the contract and what is required after an employee leaves your organisation’s employment. ● Legitimate interest – There is a legitimate interest of the data subject to use the data held to inform them of something that will benefit them. ● Vital interests – If it is in the vital interest of the data subject and others (e.g. their colleagues) to know the information. For example, if an employee has an allergy, they may not want others to know; however, it is in their vital interests that the company first aiders are aware so that if the employee has an allergic reaction they are able to administer the correct first aid response. ● Public interest – There is a public interest for the data to be held and processed, for example members of parliament’s addresses are in the public domain. ● Consent – The individual has provided explicit consent for their data to be processed as the lawful basis. In a payroll
and HR context, it is unlikely that consent would be the main basis by which you process their data. It could be, however, for secondary uses of their data. Consent can be withdrawn at any time by the data subject, making it the least reliable. Summary The overall takeaway from the roundtable was that GDPR should be viewed as an opportunity to: ● review business processes and operate more efficiently and effectively ● reduce costs, including saving on storage for unnecessary retention of data ● engage with other departments to gain a deeper understanding of the business and operate more efficiently ● develop self-service platforms for individuals to take more ownership of their data accuracy. n For more information on GDPR, the CIPP has a webcast available to members within My CIPP on the CIPP’s website; and there is a GDPR training course available face to face and online. For more details visit cipp.org. uk/gdpr .
Payroll for Scottish employees
Half day
In April 2018 following devolution, Scotland will apply its own PAYE tax thresholds. Our new Payroll for Scottish employees course will prepare payroll staff for these changes. Contextualising these changes using case studies and working examples, this half day course will focus on the following:
● The new PAYE thresholds ● Applying NICs ● Scottish Arrestment orders ● Childcare vouchers ● PAYE settlement agreements (PSA) ● Pensions (relief at source tax arrangements) ● Apprenticeship Levy
To book your place on this essential course, visit cipptraining.org.uk , email info@cipp.org.uk or call 0121 712 1000 for more information.
cipp.org.uk CIPP_UK cip .org.uk @CI P_UK
27
Issue 39 | April 2018
| Professional in Payroll, Pensions and Reward |
Made with FlippingBook - Online magazine maker