GDPR and Security

As data processors, we take the security of your data and the transfer of your client’s personal information very seriously.

Bulletproof security

Locally our data is protected by multiple layer sophisticated passwords, sitting behind firewalls, malware and antivirus systems. Our distributed architecture provides a greater level of protection from accidental deletion or equipment failure.

We maintain all our payroll data on cloud servers. The transfer of data to the cloud servers use an end-to-end encryption, with public key encryption. This means all our data is encrypted with Zero Knowledge and it is not possible to decrypt it even if somebody could gain access. The data is held in multiple server locations in multiple instances, providing protection from the unlikely event of a server farm issue.

Once the data has been transferred, it resides on GDPR compliant servers that are based within the European Union. The sever farms are both GDPR and HIPPA compliant and have attained the ISO27000 accreditation.

When transferring data to your clients we work with you to use your own data transfer procedures. But as a minimum we will use password protected PDFs to send reports to clients. Where electronic payslips are used, these are transferred by secure server and we insist on them being password protected. Once the payslip has been sent it is automatically deleted.

Any paper produced documents are retained for less than 24 hours and are then destroyed as well, to Level P-4 for sensitive, confidential and personal data.