Paying your staff correctly and on time is one of the most important day-to-day functions of your business. But you also have to handle lots of highly sensitive data when you run payroll, and protecting that data is critical.

If you fail to protect it adequately you could be at risk of data breaches and severe financial penalties for non-compliance. 

Why is it important to protect payroll data?

Trust is a huge part of your relationship with your employees and securing their payroll data is a vital part of that equation. Personal information such as bank details, home addresses, national insurance numbers, tax codes and pay rates are all part of payroll. Your staff need to know that this personal and financial information isn’t freely available to others in the company. They also need to know it’s protected from external data breaches and the risk of hackers using their information for fraudulent purposes.

In addition, thanks to the introduction of the General Protection Data Regulations (GDPR) earlier this year, you are legally obliged to make sure all sensitive information is held in a safe and secure manner. Any systems storing employee data need to be secure, you need to make sure the information is relevant for the purpose you are holding it for and you should only hold it for as long as is necessary to carry out that purpose. You also have to make sure you have consent to hold such information and process it.

How to protect your payroll data

It’s important to protect your payroll data and there are a number of ways you can do this:

Centralise information

It’s an extremely good idea to have your payroll information in one place. This can be part of your online accounting software or HR software. Online HR software is password protected and strong on security, so can protect all your employee data, not just payroll. Sensitive data such as expenses, benefits, recruitment, employee onboarding information, training, absence and workloads are all protected in the same way.

Keeping it in one central database limits the amount of staff that can have access and also reduces the risk of duplication. In addition, physical equipment used to handle payroll – computers, laptops, server equipment etc. – should be kept in a secure location.

Limit access to the data

'Too many cooks spoil the broth' as they say, and too many people having access to payroll can increase the chances of payroll data being breached. Limit the number of people who have access to only those who need to know or process it. You also need to make sure those who have access have a username and password to access it and these should be changed regularly. Using complex passwords with a mixture of upper and lower case letters plus numbers and symbols will also help to increase security.

Monitor processes

It’s important to monitor your payroll process regularly. For example, you should ensure the person inputting the data isn’t the same as the person reviewing it to avoid inaccuracies or too much responsibility in the hands of a single person. Make sure the people handling such sensitive data are also properly trained and are aware of the importance of maintaining security.

Review data handling processes

It’s important to regularly review how you handle all your company’s sensitive data, not just payroll.

You should continually review who is doing what with sensitive data and ensure segregation of duties. You should also ensure that your staff use secure methods of communication. If possible, they should use an encrypted communication portal so only those with usernames and passwords can access it. If this isn’t possible, then any important documents sent via email should be password protected.

Since GDPR was introduced you need to make sure the data you process is being used for the purposes for which it was intended, and you only hold onto it for as long as is necessary to you complete those processes. For example, if an employee leaves the company you do not need to keep their bank details in perpetuity but you should be able to keep the employee record for a period of time.