At Payplus we take information security extremely seriously. Payroll data security is at the heart of everything we do, and with ever-increasing media reports of online fraud and data loss in the UK, we have reviewed our own approach to information security.
The Information Commissioner's Office currently has a wide range of powers at its disposal to enforce the Data Protection Act 1998. These range from assessments and enforcement notices through to fines of up to £500,000.
From 25th May 2018, the Data Protection Act will be replaced by the General Data Protection Regulation (GDPR), which will bring with it increased data security requirements and much higher levels of fines.
No business can afford to ignore the financial and legal consequences of a breach in the security of the information it keeps, nor the impact upon its reputation amongst customers, suppliers, employees and the wider business community.
As a result, Payplus decided to introduce the following options to secure data transferred between you and Payplus:
- Egress Switch – This email encryption software is simple and free to use and ensures the transfer of electronic data between you and us is secure.
- PayDashboard – This portal allows Payplus to upload payslips and payroll reports so that your employees can securely access their payslips and P60s, while you can view all payslips, download your payroll reports and upload data to Payplus.
Click on the links to learn more about both data security solutions.
5 ways that PayDashboard ensures GDPR compliance
- PayDashboard allows users to access payslips via a secure online portal.
- PayDashboard does not email payslips. Users receive email notifications that a new payslip is available but must log in to view their payslips.
- To register new users on the site we send them an email link to register. When they register they must confirm a piece of personal information such as their NI number, preventing someone who intercepted the email from falsely accessing the account.
- PayDashboard users can enable additional two-factor authentication upon login to further secure their account. Login is only possible with the user’s email address, password and a 6-digit code generated on their phone.
- As a company we are ISO 9001 and 27001 certified, registered with the ICO, we comply with the Data Protection Act, and are working to ensure ongoing GDPR compliance in all areas of the business.
Not only do Payplus provide means for ensuring secure transmission of data but the Payplus systems are designed to be secure whilst your payroll data is being stored and processed.
Payroll processing is carried out by Payplus in a secure building with swipe card entry to each floor and keypad entry to each room.
Our servers are sited in those same secure, controlled premises, running regularly updated software and maintained with the latest security patches. Performance and security logs are monitored constantly with unusual events being reported immediately they occur.
A combination of real-time online backup to secure UK hosted servers and daily tape backups ensures that individual files can be restored if necessary and a whole system restore can be undertaken should the need arise.
Bacs approved bureau
Payplus is subject to an audit by Bacs (www.bacs.co.uk) every 3 years, covering all aspects of the payroll and Bacs payment processing, with particular emphasis on security aspects. Our results from these audits have always been “Excellent” or “Good” in all categories.