“In the past, human resources and payroll personnel would be the ones processing everything from timesheets to leave forms. If an employee’s banking details changed, they would need to notify the appropriate payroll administrator to make sure their salary makes its way to the correct bank account. The next generation of payroll software has made it possible for employees to manage many of these tasks themselves,” says Leggat.
Tasks that usually required paper trails and approvals, such as travel allowances and overtime claims, can now be processed online, which leads to an increased amount of personal information being shared via web portals.
“As a payroll company or a payroll department, you will have a lot of employee-related personal information at your fingertips. The more open and accessible your payroll system is, the more attention you need to be paying to things like firewalls, internet security, cyber threats and general information technology safety,” says Leggat.
Employers now also have a legal obligation to protect their employees’ information thanks to the POPIA (Protection of Personal Information Act). This legislation sets conditions for how personal information can lawfully be processed; it has been signed by the President and is now the law.
“Companies are responsible for making sure they are complying with this Act. It’s not only companies in the Financial Services and Healthcare sectors which need to understand their rights and responsibilities regarding personal information processing – any company who uses online payroll processing has to make sure they are protecting their people from harm as well as protecting their right to privacy,” says Leggat.
International companies have an extra set of privacy concerns to deal with on top of the POPI Act. The GDPR (General Data Protection Regulation) was adopted by the European Parliament in early 2016 and while many of the stipulations are similar, a business will need to comply with both acts if they are transferring personnel and payroll data across borders.
“A company in South Africa may be outsourcing their payroll function to their European counterpart. In this case, they would need to comply with both the GDPR and POPIA legislation. They are different flavours of data protection laws, but it could be necessary for you to tweak your payroll processing strategy so that you have a global view and comply with what is common among them,” says Leggat.
People are already wary of sharing their personal information, cellphone numbers, credit card numbers and addresses online. Having a future-ready payroll software solution can make your business more efficient, but it’s an employer’s responsibility to make sure that their employees are comfortable using it as well.
“Companies need to take data protection seriously and their staff needs to know that their privacy is a top concern if you want widespread uptake in these systems,” concludes Leggat.
