Ensuring Data Protection: Wagewell’s Commitment to Data Security & Compliance

James Gibson
wagewellblog
Apr 29, 2024


In today’s digital age, protecting the privacy and security of personal data is paramount, especially in the realm of financial services and employee benefits. At Wagewell, we understand the critical importance of safeguarding employee information and prioritise data security as a cornerstone of our On-Demand Pay solution. In this blog post, we’ll delve into the enterprise-grade security measures we’ve implemented to protect the welfare of all personal data entrusted to us, ensuring full compliance with the Kenya Data Protection Act.

🔒 Secure Payroll Integration:

In order to calculate an employee’s accessible earnings, Wagewell securely integrates with the employer’s existing payroll system via an Application Programming Interface (API) or Secure CSV File Upload. The method of integration depends on the employer’s current payroll system, but Wagewell can work seamlessly alongside any payroll software, whether fully automated (cloud-based) or manual (on-premises).

With our direct API integration, updates occur automatically on the Wagewell Employer Portal, enhancing efficiency and eliminating any admin burden for HR and Payroll teams. Alternatively, our Secure CSV File Upload method offers a straightforward way for employers with manual payroll processes to conveniently access and manage employee information.

Employers can manage all aspects of their Wagewell account via our easy-to-use Employer Portal

🛡️ Our Commitment to Data Security:

At Wagewell, we pride ourselves on being the most ethical and socially responsible On-Demand Pay solution on the market. Here are just some of the robust security measures we’ve implemented to provide our employer partners and end-users with peace of mind that their data is kept safe and secure.

1. Transfer & Storage of Data: Wagewell utilises industry-leading encryption protocols to safeguard all personal data. All data is transferred securely over bank-grade HTTPS (TLS >= 1.2) encrypted connections and stored at rest using the industry-standard AES-256 encryption algorithm, making it virtually impregnable to brute-force attacks.

2. Physical Security: We host our production servers, databases, and supporting services on Amazon Web Services (AWS). AWS holds SOC 2 Type II and ISO 27001 certifications, ensuring rigorous physical security measures. This includes dedicated security staff, strictly managed physical access controls, and video surveillance.

3. Access Controls: Strong password policies and multi-factor authentication (MFA) are enforced to limit access to employee personal data to authorised personnel only. Strict access permissions are applied, following the principle of least privilege, and access rights are regularly reviewed to maintain the highest security standards.

4. Regular Security Audits: Wagewell conducts regular security audits and assessments to proactively identify and address any potential vulnerabilities. Our dedicated security team monitors system activity and implements necessary updates, ensuring continuous improvement of our security posture to stay ahead of emerging threats.

⚖️ Compliance with the Kenya Data Protection Act:

Wagewell operates in full compliance with the Kenya Data Protection Act 2019, which sets forth stringent requirements for the handling of personal data. Our On-Demand Pay solution adheres to the following key provisions of the Act:

1. Lawful & Fair Processing: We ensure that all personal data handled through our platform is collected and processed lawfully and fairly, with transparent practices and informed consent from employees.

2. Purpose Limitation: Any personal data is used solely for the purpose of facilitating On-Demand Pay transactions and related services. We never disclose personal data for any other purposes without explicit consent or legal obligation.

3. Data Minimisation: Wagewell adheres to the principle of data minimisation, collecting only the necessary personal data required for the provision of our On-Demand Pay service. We refrain from collecting excessive or irrelevant information that is not essential to the transaction process.

4. Data Subject Rights: We respect the data subject rights outlined in the Data Protection Act, including the right to access, rectify, and erase personal data. Users have the option to review and update their personal information, ensuring transparency and accountability at all times.

Wagewell’s Data Controller and Data Processor certificates

📝 Our Certifications from the Office of the Data Protection Commissioner (ODPC):

As a testament to our unwavering commitment to data protection and compliance, Wagewell is registered with the Office of the Data Protection Commissioner (ODPC) in Kenya and proudly holds both Data Processor and Data Controller certificates. These certificates reinforce our adherence to the highest standards of data security and privacy.

Conclusion:

At Wagewell, we believe that the security and privacy of personal data is non-negotiable. Through advanced encryption, secure data storage, and strict compliance with the Kenya Data Protection Act, we ensure that employee information remains safe and confidential at all times. With our Data Processor and Data Controller certificates, employers can rest assured that Wagewell provides a fully compliant On-Demand Pay solution that prioritises data security and respects employee privacy.

If you have any questions regarding our data security policies, please do not hesitate to contact our Data Protection & Compliance Officer (“DPCO”) via our website.
