I would have thought that a passworded winzip of a report pack including payslips would be perfectly adequate.

12Pay  Bureau Edition for example (I am no longer associated with that product) includes a function to create password protected zipped report packs so one zip file can be automatically made up as a single request that contains all of your client's reports, including payslips, for a period. It can also bundle a set of reports into a single password-protected PDF. I expect that rival products ought to have some similar functionality for their bureau clients.

Clearly sending paper by post is in reality far *less* safe even than emailing unprotected reports. Bizarre that GDPR might push people into less safe behaviour! The Law of Unintended Consequences....

Tom McClelland wrote:

---

 Bizarre that GDPR might push people into less safe behaviour! The Law of Unintended Consequences....

---

 Totally agree

Cheshire wrote:

---

Hi Gill
You dont need a portal - just another pile of scaremongering. You dont say what payroll software you use so cant advise specifics.

You can password protect the payslips and email as a bulk for the employer to sort, or you can password protect individuals payslips and email them individually (via the good payroll software at least!). I dont favour the latter as you potnetially get mithered to death when employees forget their password.

You can also easily password protect a report via pdf and email it.

Not used WinZip for a while. This can be p/w protected. What you need to check - do they hold that data when its zipped? I dont think they do, but check their privacy pol and if its outwith the EU that they confirm they opt in/subscribe (whatever the word is) to the EU laws and the US Privacy Shield. (If not those two, then dont use!)

You can also password protect and share via a file sharing app.

It has been covered, in part, in the two lengthy GDPR posts from about 3-4 weeks ago and the rest will have been buried in other posts not specifically titled GDPR (one godo reason to come on the site daily).

---

 Winzip is desktop software that runs entirely on your own PC. They never see your data.

So presumably Winzip isnt suitable for sending docs externally to clients then?

Thanks

Gill

Ah I see - thank you for that.  Will look into that then!

Gill

Thanks Eunice

I have just bought and installed WinRar - I can password protect a Zip file, to include the payslips, reports etc, which can then be emailed to a client. £40 for a year isnt so bad.  Thanks all - I feel I've been totally bogged down with too much GDPR info out there, and hard to understand what I actually had to do!

Thanks

Gill

I was just thinking the same thing - is there a UK site for it?  Havent been able to find one yet.

"It turns out the client needs to install WinRAR too, which doesn't sit well with me asking clients to download software just to get their payslips and reports."

As Tom said, WinRAR can create Zip files - it's just a matter of choosing the right options (which can probably be set as a default). That aside, though, while Adobe Reader and Flash both (IIRC) tend to come installed by default with Windows computers, this wasn't always so - for a long time, if anyone received a PDF file in an email or visited a website that used Flash, they would be expected to download the software. (Indeed, I expect a lot of software that can automatically email PDFs also includes a link to download it in the text that accompanies the file).

Yet if you're like most people, you wouldn't bat an eyelid and including a note about where Adobe Reader can be downloaded - and I can assure you, given Adobe's reputation for vulnerabilities with that (and probably moreso with Flash) that's very ironic.

"Also, if you just download it for free, you get a message after 30 days or so saying you need to pay, which you apparently just click out of, and dont pay, but again, not very professional to me."

"Not very professional" ? I don't use WinRAR (but I've long since known of it). It sounds like it's using a software distribution model that has been around since as long as I can remember - originally called Shareware, but also known by other names.

The logic is: We're nice people. We've written some useful software, and we're making it available for you - just download it. But hey, why not be nice in return and give us some money for it - to help pay us for the time we spent developing and supporting it, as well as the hosting costs? We'll pop up a message to remind you to do so after a certain time, and we reckon if we were selling this as commercial software, this would be a good asking price... but if you don't want to, that's okay as well.

Either that or it's being sold commercially with a trial period. In which case, if you can click past the message at the end of the trial period and carry on using it, that's what's known as a 'bug' - and speaking with my programmer hat on, the thing I'd say is "not very professional" is taking advantage of the bug to get something for nothing. (Though I note you have paid for it, so that doesn't apply to you.)

GillyP wrote:

---

Vince, you're missing my point.  By not very professional, I am referring to ME not looking very professional by asking my clients to download software which then gives them a message asking them to pay. 

I know Adobe Reader comes as default, but to password protect a pdf I apparently need Adobe Acrobat, which I need to pay for.  I know that WinRAR creates zip files, and I have done this with a couple of groups of files, however my clients cannot open this zip file when they receive it without downloading WinRAR, taking me back to my first point.

I am happy to pay for software when I need the software, and am not trying to work around paying for stuff - I am merely trying to fathom out the best option for me to comply with GDPR without bankrupting myself, or spending hours upon hours preparing reports and payslips for clients, when I cannot pass on the extended cost to them just because they currently pay the going rate.

 

---

 If your clients can't open the file that winrar creates without winrar then probably you aren't selecting the option to create a zip file rather than eg a rar file.

Tom - thank you.  Right, I will look at that and see what options there are.

thanks

Gill

Hi Gill

I thought not, the data is sent over a secure connection so I assume it doesn't need to be password protected.

With my other clients I mentioned, I download payslips and reports from Payroll Manager, save them to a file

on my PC (which I would do anyway to keep a copy), and send them as PDFs attached to an email.

Eunice

Leger wrote:

---

 

 

Joanne, I received a document the other day and my date of birth was the password, which seemed to me to be a cracking idea.

 

Eunice, I very nearly opted for the client space, but later found I could manage quite adequately with the password features in moneysoft, apart from 2 clients.  The portal I install on my own domain will, at least I hope, be very similar.

---

John - Only problem with dob as a password is its a bit like leaving a car key on the spare wheel or under a plant pot in the garden - everyone knows how/where to look.

Eunice  - Client Space is a US company?    Note the can also refer to  some software that you may use have domains in the UK as well as US where they state in their privacy policy that they can transfer data outside the country, generally back to the US. 

GDPR has specific requirements for businesses handling data in ANY country, but under GDPR data transfer may only occur to countries deemed by data protection authorities as having adequate data protection laws.   NOTE WELL - US is not listed as one of those countries have adequate data protection laws.   

This is where Privacy Sheild helps.  Its a  newish agreement between the EU and the US (who lets face it love to share data and snoop), allowing transfer of the data from the EU to the US. But the new agreement helps companies on both sides of the pond a mechanism to comply with the stricter EU requirements.   So I would always suggest you work with privacy shield certified (shows they are committed to DP) and not any others.

Bucks Bodger wrote:

---

I password protect the files from within Payroll Manager.

---

 

Bucks Bodger wrote:

---

With my other clients I mentioned, I download payslips and reports from Payroll Manager, save them to a file

on my PC (which I would do anyway to keep a copy), and send them as PDFs attached to an email.

---

 Hi Eunice 

Can you tell me how you do that? I find that they are only password protected if you send direct by email.