- The principles we apply to managing employee data also apply to handling data related to pensions and payroll. All this information should be used in a lawful, fair, and transparent manner, kept accurate and up to date, and securely stored.
- When it's necessary to share information with our accountant or payroll service providers, it's crucial to do so securely. For example, don't send personal information via email in CSV files. If you need to share this information, send it via a secure Google Drive folder that you control. This allows you to regulate access and to delete the data according to our retention schedule later.
- Always remember that employee information should never be disclosed to third parties or any individuals who don't have the proper authorization. Information sharing should be based on a 'need to know' principle and only disclosed when authorized.
- As the Data Controller, we bear the responsibility for the data security levels of our third-party providers, which includes our accountants. If an employee makes a data subject access request, we are responsible for gathering information held on them by these third-party processors. Always be watchful of the security and data protection processes of these providers, and report any substandard practices to your Data Protection Champion.