Skip to main content
News

E-mailing employee payslips

15. December, 2020No Comments

E-mailing employee payslips

Article 135 of the Employment Relationships Act (ZDR-1) requires employers to provide employees with a payslip on the end of payment day at the latest. Employers that fail to do so are liable to a fine under Article 217 of ZDR-1. Supervising the enforcement of this provision comes under the remit of the Labour Inspectorate, which may request proof that an employer has issued and handed over payslips to employees in a timely manner. Where a payslip is handed to the employee in person, the employee can sign a payslip receipt confirmation to evidence the fact. However, where payslips are e-mailed to employees, it is recommended that employers retain these e-mails messages as proof that they have met their statutory obligations in a timely fashion.

Considering that a payslip contains an employee’s personal information, care must also be taken to properly protect these personal data. The Information Commissioner has on several occasions addressed the practice of e-mailing payslips, most recently in opinion No. 07121-1 / 2020/374 of 17 March 2020 and No. 07121-1 / 2020/1516 of 2 September 2020. The Information Commissioner outlined what employers should pay special attention to, and these instructions are summarized below.
i. E-mail address
If the employee uses a company e-mail address, the employer may e-mail the payslip to this address without the need to obtain the employee’s consent, provided that appropriate security measures are in place. In practice, however, a situation might arise where the employer wants to e-mail the payslip to the employee’s private e-mail address (e.g. because the employee does not have a company e-mail address). In this instances, the Information Commissioner points out that the employer must have appropriate legal grounds for processing the employee’s private e-mail address, which originates from first paragraph of Article 6 of the General Data Protection Regulation (GDPR) and the employee must be informed that the e-mail address will be processed for the purpose of having their payslip e-mailed to them. It is recommended that the employee’s written consent be obtained. If the employee does not want his/her private email address processed or if e.g. he/she does not have an e-mail address, the employer cannot send the payslip by e-mail.
ii. Security with a transfer of personal data
A payslip contains comprehensive personal data about an employee. The Information Commissioner recommends that payslips be sent as encrypted files to ensure that this information is appropriately protected. However, if a payslip contains data on trade union membership, information which falls under a special category of personal data under Article 9 of the GDPR, the data must be encrypted.
When communicating by e-mail, there is a possibility of unauthorized access, so it is important that the files are password protected. The Information Commissioner recommends that employers furnish employees with the password in person. However, if this is not feasible due an employee(s) working from home, the employer must not send the passwords in the same message as the file itself. In this regard, the Information Commissioner also specifically points out that a tax or ID number does not constitute a secure password. For a password to be secure, it must contain at least 8 characters, lower and uppercase letters, numbers, special characters, and a punctuation mark.
Author: Eva Jean, Associate