GDPR

  • 22-05-2018 1:23pm
    #1
    Registered Users, Registered Users 2 Posts: 635 ✭✭✭


    Not sure if this is the right forum or not. Basically I have no clue how to comply with GDPR!
    I know the deadline is pretty much upon us, I wasn't aware I would need to be the one implementing GDPR, I'm the accountant and didn't really think it would fall on me. Well it has.

    We are a small construction company, 9 employees. I have been trying to look up the rules but it all seems pretty vague as to if we need to comply or not. For the most part our clients are companies.

    Will consent from the employees about holding their personal info (for payroll) be enough or does more need to be done?

    Thanks.


Comments

  • Registered Users, Registered Users 2 Posts: 1,447 ✭✭✭davindub


    You really couldn't tell from what you have posted; the payroll information storage is one obvious area you might consider getting someone in to review. I know someone working in the field. PM me if you want me to see how much a review would cost.


  • Registered Users, Registered Users 2 Posts: 13,702 ✭✭✭✭BoatMad


    Firstly, any personal data that you are required to hold by law is exempt from the GDPR; that would include payroll data. You cannot use that data for any other purposes, of course, without freely given, explicit and unambiguous consent.

    For information you store on others, there are some simple rules:

    1. It only applies to information that can identify a person; corporate info is not covered. Typically info like email addresses, capturing their IP address, names and addresses, etc.
    2. The data must be used for the specific purposes that it is collected for. For example, if they register online to access a sales portal, you cannot then automatically use that data to market product to them unless they give specific consent (i.e. you can't use opt-outs, only opt-ins).
    3. Consent must be freely given; you can't deny the service on the basis that they won't give consent.
    4. Only adults can give consent.
    5. The person has a right to ask you to provide a record of all the personal data you hold on them.
    6. They have a right to "be forgotten", i.e. they can ask you to delete all their records.

    Again, where the collection and storage and use of personal data is authorised by national law, GDPR does not apply, so data, for example, that you collect in order to make appropriate employee tax returns (P35 etc.) is exempt.

    There are other rules, applicable if you pass personal data from one company to another for processing etc.

    In essence, if you are only using personal data to comply with national laws, or for the specific purposes for which that data was collected, you are very unlikely to fall foul of the GDPR in any meaningful way.


  • Registered Users, Registered Users 2 Posts: 635 ✭✭✭heretothere


    Thanks BoatMad.

    OK, well, bar payroll we hold no other personal information. From a Revenue point of view I will need to hold only ex-employees' old time sheets, P60s/P45s etc., but I always delete their bank details straight away off the system.

    We don't do any promotions or anything like that. We do have a website but there is nowhere to sign up for a newsletter etc.

    The bulk of our work would be corporate fit-outs so again I think we should be safe there. We do the odd house renovation but those people would approach us; we don't do any specific marketing, it's all pretty much word of mouth.

    I've just been getting so many emails myself I was getting concerned, and I have been reading up on GDPR & me, plus a few other websites, and was getting a bit bogged down in it.


  • Registered Users, Registered Users 2 Posts: 58 ✭✭Bridget1996


    Sorry to jump on this thread, but we have a small construction company. We email our clients or they email us. I'm in the process of deleting all emails but keep all info like PPS numbers etc. Do I need to do anything else regarding this pending GDPR? We don't share details with anyone else. I'm confused as to what I should be doing, as I'm getting a lot of emails with this opt in or out. Can anyone explain in plain details what I need to do?

