GDPR: Statement of Intent (Payroll)

Statement of Intent: Introduction

This statement sets out Cox & Co. Payroll Solutions Ltd.’s proposed approach to ensuring that the business is compliant and secure, and has effective systems in place to meet the GDPR regulatory changes in May 2018.

Existing Data Protection Policy

The existing Cox & Co. Data Protection policy will continue to underpin the basis of compliance during the GDPR project timeline. All practices and processes will remain in effect unless and until they are replaced by revised policies and procedures.

The existing Data Protection policy, procedures and documentation in situ meet upcoming GDPR requirements and regulations.

Changes to current Data Protection Policy

To ensure continued compliance, policies and procedures will be revised as part of our embedded security-by-design approach.

  1. GDPR Project Plan: Issued 13th July 2017

The framework of the GDPR project is set to ensure that Cox & Co. adheres to the new regulations by 1st January 2018.  In addition to this itinerary, planned improvements have been scheduled.

  2. GDPR implementation and system change timeline

In July 2017, we completed our GDPR Data Impact Assessment and Data Asset Register/Risk Assessment.

The findings of this assessment identified improvements that would help both the client (Data Controller) and Cox & Co. (Data Processor) to improve security further.

These will be:

  • Encrypted email
  • Password protected documentation
  • Implementation of two-factor authentication on Client Portal
  • Data exchange via Client Portal only

  3. Timeline of Improvement Measures

| Subject | Description | Action required | Implementation from |
|---|---|---|---|
| Data Impact Assessment | | GDPR Project commenced | July 2017 |
| Policy review | Policy written | GDPR Statement of Intent | July 2017 |
| Policy review | Policy written | Fair Processing Notice | July 2017 |
| Policy review | Policy written | Retention of Records | July 2017 |
| Policy review | Policy written | Access Control | July 2017 |
| Communication | Communicate to clients GDPR Statement of Intent | Statement of intent published and issued | 9th October 2017 |
| Email | Encrypted email exchange | MS 365 exchange upgrade | 30th October 2017 |
| Email | Encrypted email exchange | Formal notice provided to clients | 6th November 2017 |
| Email | Password protect attached payroll documents | Formal notice provided to clients | 6th November 2017 |
| Client Hub | Sharepoint migration | In-house software Training (1st) | 24th October 2017 |
| Client Hub | Sharepoint migration | In-house software Training (2nd) | TBC |
| Email | Encrypted email exchange | Enforce exchange using encryption | 1st January 2018 |
| Email | Password protect attached payroll documents | Enforce password protection on all document exchanges | 1st January 2018 |
| Client Hub | Sharepoint migration | Project commence | 1st January 2018 |
| Client Hub | Two Factor Authentication | Testing | 5th February 2018 |
| Client Hub | Sharepoint migration | Formal notice provided to clients/training | 30th March 2018 |
| Client Hub | Sharepoint migration | Migration complete | 30th March 2018 |
| Client Hub | Sharepoint migration | Helpdesk & support | 30th March 2018 |
| GDPR | | Project complete | 30th March 2018 |

  4. Document Owner and Approval

The Data Protection Officer/GDPR Owner is the owner of this document and is responsible for ensuring that this procedure is reviewed in line with the review requirements of the GDPR. A current version of this document is available to members of Cox & Co. Payroll Solutions Ltd staff, and to employees of the businesses to which it is contracted for outsourced payroll services, by emailing enquiries@payrollsolutionsltd.co.uk.

This procedure was approved by the Director (Stephen Cox) of Cox & Co. Payroll Solutions Ltd and is issued on a version-controlled basis under his signature.

Change History Record

| Issue | Description of Change | Approval | Date of Issue |
|---|---|---|---|
| 1 | Initial issue | Steve Cox | 19/09/17 |