Employment (Miscellaneous Provisions) Act 2018
The Minister for Employment Affairs and Social Protection, Regina Doherty has confirmed the new Employment Bill, which has been in the pipeline now for a number of years, will come into force on the 4th March. The Bill is being introduced to ‘improve the security of working hours for employees on insecure contracts and those working variable hours’, common in (but not exclusive to) service industries such as hospitality, tourism and retail. These industries often rely on flexibility in the employment contract and therefore the introduction of this new Bill will require them to take note.
The new Act makes certain breaches a criminal offence; where the employer does not comply with the new obligations in the Bill to provide the required information within one month, can lead to criminal prosecution. Fines on conviction could be up to €5,000 or imprisonment of up to twelve months or both. Directors, managers, secretaries or other officers of a company can be individually liable, i.e. be prosecuted individually for offences.
- In summary, the new Act will:
- Prohibit the use of Zero Hour contracts, save for exceptional circumstances
- Obligate employers to notify new employees of five core terms of employment in writing within five days of commencing employment
- Create a new entitlement to ‘Banded Hours’ contracts
- Provide for minimum payments to employees who are required to be available to work but are not actually called to work
The Act also introduces an anti-penalisation provision whereby an employer may not penalize an employee for exercising their rights under the 1994 Terms of Employment Act. An employee who is penalized can be awarded compensation of such amounts as the WRC considers just but will not exceed four weeks remuneration.
The new Act will bring significant changes for Irish employers and employees and according to Minister Regina Doherty; the Act is a “once-in-a-generation reform of our labour market.”
Please visit Brightcontracts.ie for more information on the new Employment Bill which has been in the pipeline now for a number of years and is to be enacted on 4th March 2019.
Related Articles:
How to avoid PAYE Modernisation mistakes
Back to Basics - Disciplinary Steps and Sanctions
Thesaurus Payroll Software | BrightPay Payroll Software | Bright Contracts
What are “banded hours”?
The Employment Act 2018 creates a new right for employees whose employment contract does not accurately reflect the reality of the hours they work on a consistent basis. After a reference period of 12 months, employees will be able to request in writing to be placed in a band of hours that better reflect their average weekly hours worked. In response, employers are obliged to place the employee in the appropriate band and should do so within four weeks of receiving the employee’s request.
The appropriate band is determined by the employer on the basis of the average number of hours worked by the employee per week during the reference period.
The appropriate bands are laid down in law as set out in the below table.
| Band A: | 3 to 6 hours |
| Band B: | 6 to 11 hours |
| Band C: | 11 to 16 hours |
| Band D: | 16 to 21 hours |
| Band E: | 21 to 26 hours |
| Band F: | 26 to 31 hours |
| Band G: | 31 to 36 hours |
| Band H: | over 36 hours |
An employer may refuse to place an employee in a band in one of the following circumstances:
- Where there is no evidence to support the employee’s claim
- Where there have been significant adverse changes to the business during or after the reference period
- Due to exceptional circumstances, an emergency or unforeseeable circumstances beyond the employer’s control
- Where the average hours worked by the employee were affected by a temporary situation that no longer exists
In determining the 12 month reference period, a continuous period of employment immediately before the legislation is to be enacted on 4th March 2019 will be reckonable towards the 12 month reference period. Please visit Brightcontracts.ie for more information on the new Employment Bill which has been in the pipeline now for a number of years.
The Bill is being introduced to ‘improve the security of working hours for employees on insecure contracts and those working variable hours’, common in (but not exclusive to) service industries such as hospitality, tourism and retail. These industries often rely on flexibility in the employment contract and therefore the introduction of this new Bill will require them to take note.
To keep up with the latest payroll news, check out our new Bright website. There, you'll be able to register for any of our upcoming payroll webinars and download our payroll guides.
BrightPay Payroll Software | Thesaurus Payroll Manager | Bright Contracts
Data Protection complaints increase since introduction of GDPR
Nearly 4 months since the General data Protection Regulation (GDPR) was introduced across all of Europe, complaints around Data Protection have nearly doubled in the UK and are up by nearly 2 thirds in Ireland.
GDPR was designed to give Data Subjects more control over their personal data, with more transparency and the threat of larger fines to those in breach of the new rules. The GDPR requires any company that suffers a data breach to notify its users/data subjects within 72 hours of the breach being discovered.
• Ireland’s Data Protection Commission (DPC), head of communications - Graham Doyle has said that ‘there has been a significant increase in the volumes of both breaches and complaints to the DPC since May 25th.’ Since GDPR enforcement began the DPC has seen monthly data breach reports double, while data protection complaints increased by 65%.
• Data protection complaints to the UK’s Information Commissioners Office (ICO) rose to 4214 in July compared to just 2310 complaints received in May before the GDPR came into force. A spokes person for the ICO said the increase was expected, as more users became aware of data protection because of publicity around the new rules and following a series of high-profile data scandals involving big technology firms.
Experts note, however that the increase does not mean that the number of data breaches has suddenly gone up, but rather reflects the full scale of the data breach problem becoming better known.
Organisations that fail to comply with GDPR can face fines of up to 4% of annual global revenue or €20 million, whichever is greater. So far none of the EU’s Data Protection Agency’s has issued any fines. Graham Doyle at the DPC said ‘It is too soon to expect to see any fines levied against organizations that have violated GDPR – given its only 3 months after it went into full effect.’
We will be hosting a free online webinar - ‘GDPR 3 Months On’ on Thursday September 20th at 11am, where Graham Doyle will joining us as a guest speaker.
To register for this webinar please click here.
Back to Basics - Disciplinary Steps and Sanctions
Another question that comes up from time to time is how and when to initiate the disciplinary procedures - How many warnings can an employee receive before being dismissed? When do I give a final warning? Can I fire my employee for committing an offence of gross misconduct?
The first step is always to inform the employee of issues that you may have, even minor issues; whether it is with their job performance, their time keeping, or even a breach of company rules, by means of informal counselling. The employee must be given the appropriate time/measures to defend themselves or at least be given the chance to rectify the problem. Prior to taking the decision to invoke the disciplinary procedure, the employer must ensure that the situation has been thoroughly investigated.
The following disciplinary procedures should apply in matters of discipline; constant repetition of minor offences, willful negligence or unsatisfactory performance or complaints, that are found to be proven against the employees.
The stages in the procedure are as follows:
• Stage 1 - Verbal Warning
• Stage 2 - First Written Warning
• Stage 3 - Final Written Warning The final written warning will state clearly that the next stage may be termination of employment if conduct and/or performance does not improve.
• Stage 4: Action Short of Dismissal
In exceptional circumstances, and depending on the individual case, The Company may exercise its discretion to suspend with or without pay. Demotion to a lower position or rate of pay and transfer to another position may also be considered. This is action short of dismissal.
• Stage 5: Dismissal
In an instance of gross misconduct, a full investigation will be conducted and a disciplinary meeting will be held. This will follow the normal procedures outlined above, but the outcome, if found to be gross misconduct, will almost certainly result in dismissal due to the serious nature of the situation.
At each stage in the procedure a disciplinary meeting should be held, where all the facts will be considered and any mitigating circumstances discussed, as well as timelines imposed for improvements, etc. Where a warning is issued, a copy will be placed on the employees personnel file for a defined period. All warnings issued under this procedure will state clearly that the employee will be liable for further disciplinary action should their performance not improve or should there be a further breach of company rules or procedures. In the event of no further transgression occurring and the performance improving, the warning will be removed after a period of no more than 12 months and the employee’s file will be clear. The employee will also be advised of his/her right to appeal against disciplinary action taken.
This is an area where employer’s need to tread carefully, at all times fair procedures must be applied and the company’s’ policy regarding disciplinary steps and sanctions should be adhered to. Once these steps are followed there is no reason why an employer cannot dismiss an employee without repercussions. Most employers tend to fall down and lose Unfair Dismissal cases brought against them, not because they didn’t have disciplinary procedures in place, but because they did and they failed to actually follow them.
Bright Contracts has a very robust Discipline and Grievance Policy set out in its Handbook with all the relevant procedures that an employer needs. To download a free trial of Bright Contracts click here. To request an online demo of Bright Contracts, click here.
Bright Contracts | Thesaurus Payroll Software | BrightPay Payroll Software
Back to Basics - New Employees
We often get calls into the helpline requesting basic information on HR/Employment Law queries like how to deal with new starters or when should an employer invoke the disciplinary procedures, so we will look at some basic HR topics in a series of blogs starting today with new employees.
New Employees
• A new employee is required by law, under the Unfair Dismissal Act, to receive a copy of the company’s ‘Dismissal Procedures’, which are usually contained in the ‘Disciplinary/Grievance Procedures’ of the Staff or Company Handbook, within 28 days of starting work with the company.
• Under the Terms of Employment (Information) Act 1994 the employer is obliged to furnish new employees within 2 months of starting, with a ‘Written Statement of ‘certain’ terms and conditions’ of their employment, also known as an ‘Employment Contract’.
• The new GDPR regulations specify that employers must provide their employees with information about what personal data they hold on them, for what purpose and how it was collected, who it may be shared with, what security measures are in place to keep it safe and what the employee’s rights are as well as other specific requirements. This is called an ‘Employee Privacy Policy’ or ‘Employee Privacy Notice’ and should be given to the employee as an addendum to their Employment Contract.
Based on these 3 pieces of legislation it would be best practice to provide your new starter with their Employment Contract, Privacy Policy and Staff/Company Handbook on their first day of work, if not before it. An employer can be fined up to 4 weeks pay for not providing the employee with their ‘Written Statement of Terms and Conditions of Employment’ within the 2 month timeframe, so it is best to get into the habit of furnishing the documents as soon as possible.
There is no requirement for a signature from the employee on any of these documents; however it would be prudent of an employer to request a signature from the employee or at least some form of acknowledgement or proof of the employee receiving the documents.
The new Employment Bill 2017, yet to be introduced, stipulates that a new employee should receive some details of their terms of employment within 5 days of starting with a company but it is yet to be seen whether this aspect of the Bill will get the go ahead.
Bright Contracts offers employers a simple and user-friendly system which enables them to easily create and customize all of these documents and keep an electronic record on file. To download a Free Trial click here or book an online Demo of the Bright Contracts software.
Bright Contracts | Thesaurus Payroll Software | BrightPay Payroll Software
GDPR deadline gone - So what now?
If you haven’t already updated existing policies for GDPR or if you haven’t started to look at the implication of the new regulations within your organization, you still have time. GDPR compliance will be an on-going process and therefore will need to be monitored and updated on a regular basis – it will not be just a one-off exercise, so it’s certainly not too late to make a start on those updates to get you on the road towards compliance.
The first thing you should consider is to create an inventory of all the personal data you currently store and/or process, whether that be data belonging to employees, customers or suppliers. This inventory will go a long way in helping you, as you will be able to garner from it any areas that need updating or creation of new procedures to help with meeting the GDPR requirements.
• Employee Privacy Policy - If you have employee’s, does the existing contract detail what data you process on them, with whom and what they’re rights are in relation to that data? If not then you would need to create an Employee Privacy Policy.
• Clean Desk Policy – Do you operate a Clean desk Policy? Whereby data belonging to customers or suppliers is not left out on desks overnight where cleaners/security staff may have access to them.
• Data Processor Agreement - Do you share any employee information with your accountant or pension provider? If so do you have a valid or up to date contract or letter of engagement covering the new GDPR stipulations between data controllers and data processor’s?
Realistically it will be difficult for any organization to ever be fully compliant with GDPR; however once you are not ignoring your obligations under the new rules and have or are in the process of taking steps towards demonstrating compliance this should be sufficient if you ever face a Data Protection inspection.
If you require further guidance on GDPR please see our dedicated support section on our website where you can find on-demand GDPR webinars, FAQ’s and template documents like a Data Processor Agreement.
Bright Contracts has also recently been upgraded to include a new Employee Privacy Policy feature whereby you can tick off another box to prove compliance under the new GDPR regulations. Download a free trial of Bright Contracts here. Book a free online Demo of the software.
Bright Contracts | Thesaurus Payroll Software | BrightPay Payroll Software
Privacy Policies - a GDPR requirement
One of the main principles of GDPR is that Data shall be processed lawfully, fairly and in a transparent manner, these three elements overlap and all three must be satisfied in order to demonstrate compliance.
Employers, as both Data Controllers and Processors, must be able to show how they comply with the new data protection principles and be clear and open with their employees about the processing of data and their rights. The GDPR stipulates that anywhere personal data is being collected, either directly or indirectly, Privacy Notices should be in place, these policies are critical to complying with the transparency obligations in the GDPR. So the introduction of an Employee Privacy Policy will cover the required elements and ensure demonstratable compliance in this regard.
The Privacy Policy should be written in a clear and easily-understandable format and must include;
• What data is processed – name, address, PPS no., bank details, etc.
• How it was obtained – employee detail request form, CV, ROS, etc.
• The ‘legal basis’ for processing the data – contractual necessity, legal obligation, etc.
• Who has access to it and any third parties– HR dept., payroll clerk, pension company
• How it is stored and security – HR system, Thesaurus software, encryptions, etc.
• How long it is kept for –set in company policies or statutory requirements
• The rights of the employee – right to access, rectification, erasure, etc.
• If data is transferred outside the EEA
• Contact details of Data Controller
We have recently upgraded our Bright Contracts software to include a new Employee Privacy Policy feature, so now employers can facilitate the main GDPR principle of lawful, fair and transparent processing of the employee data. We have also updated the Data Protection Policy within the Handbook and the Data Protection Clause within the contracts.
To download a free trial of Bright Contracts, click here.
To request a free online Demo of Bright Contracts, click here.
Bright Contracts | Thesaurus Payroll Software | BrightPay Payroll Software
Why am I getting all these emails about privacy?
Lately you may have noticed your inbox bulging each morning with lots of emails with similar subject lines to these;
“Your privacy = our priority” “GDPR Data Protection – Your Data is Safe with us”
“Big Changes are coming” “Opt-In to continue receiving our great updates”
“GDPR update – please don’t leave us!” “We’re keeping your details safe”
New, tougher European regulations around privacy and the use of personal data have now come into force and could see companies hit with huge fines if found to be in breach of the new laws.
In order for personal data to be processed lawfully, the processor must be able to rely on the reasoning being at least one of 6 categories, the main one being Consent. So if you were previously signed up with a company to receive newsletters or emails about special offers, they can no longer continue to send you these without your explicit consent.
Previous Data Protection Legislation allowed for an option to ‘Opt-Out’ as being sufficient means to mark having your consent, however with the new GDPR this is no longer the case. Consent must be ‘freely given’ unambiguous’ and for a ‘specific purpose’. Consent must be easily read and clearly distinguishable from other text and evidence must be collected as to how consent was obtained.
Consent can no longer be assumed and the likes of pre-ticked boxes that would have needed to be unticked if you didn’t want to register are now banned. Also the facility to Unsubscribe must be clear and an easy procedure to follow.
So all the emails you have been receiving, like those listed above, are those companies that you may previously have signed up with, scrambling to cover themselves for GDPR and not wanting to lose you as a possible customer or sale.
For more information on GDPR and how it may affect your organization, please see our dedicated online support documentation here.
Bright Contracts | Thesaurus Payroll Software | BrightPay Payroll Software
GDPR Frequently Asked Questions - Answered!
Is the emailing of payslips permissible under GDPR?
There is nothing in the GDPR that states it is no longer permissible to email payslips, this practice is still very much acceptable. The thing to keep in mind in relation to emailing payslips is to ensure that all appropriate security measures are in place. The payslips that are emailed from both Thesaurus and BrightPay are encrypted and deleted from our servers once sent, however it may also be prudent of a processor of the payroll to password protect the payslips also. It will be the responsibility of the Data controllers (employers) to be vigilant that correct email addresses are inputted.
Can I still use my hard-earned mailing lists after May 25th?
Not automatically - the GDPR states that to be able to ‘Lawfully Process’ personal data you must be able to fall into at least 1 of the 6 processing classifications, the first one being Consent. Consent must be:
• Specific, informed, unambiguous, and freely given – there must be evidence that clear affirmative action has been given.
• Must be for a specified purpose
• Where consent is obtained as part of a larger document covering other things, consent text must be clearly distinguished from everything else
• Evidence needs to be retained as to how the consent was obtained. For example; forms, brochures signage, website screenshots.
• Language must be accessible and easily understood.
• Have a clear and seamless opt-Out process in place.
If you have mailing lists that you’ve used pre GDPR you will not be able to continue using them if you haven’t got specific approval or consent from the individuals.
Do we need to ask for consent from our employees to process their data?
No, as the reliance for processing and retaining their data will be down to lawful processing because of the employer’s legal obligation to deduct taxes etc. and also down to the contractual agreement in place to pay them and pay forward the taxes owed on their behalf. And also to the nature of the relationship between the employer and the employee, the status quo is in the employer’s favour so consent would not be unambiguous or freely given.
More information can be found in the GDPR section of our online support documentation on our website - Bright Contracts IRL - GDPR
To book a free online demo of Bright Contracts click here.
To download your free trial of Bright Contracts click here.
BrightPay - Payroll Software | Thesaurus Payroll Software
Bright Contracts - Employment Contracts and Handbooks
Do employers need to amend employees' contracts to comply with the GDPR?
No, it is not necessary for employers to amend the contracts of existing employees to comply with the General Data Protection Regulation (GDPR). However if your employment contract includes a data protection clause it will need to be revised for any new contracts created.
For existing employees, employers should issue a new privacy notice to, providing information on the processing of their personal data, which would override any invalid data protection clauses in the contract. The GDPR specifies the information that the employer must provide in the employee privacy policy. The information includes the purposes for which the employer will process the employee's personal data, the legal bases for the processing, information about the retention period and information about the employee's rights as a data subject.
What has Bright Contracts done?
- Updated employment contract: whilst not necessary to update existing employees’ contracts, we have updated the Data Protection contract clause for all new contracts created in Bright Contract.
- Employee Privacy Policy: a new Employee Privacy Policy will be made available to all Bright Contracts customers. The new policy contains all the specific information required under GDPR.
- Data Protection Policy: the handbook Data Protection Policy has been updated and should also be communicated to employees.
