GDPR – Employers are you ready?
You will probably have heard of the General Data Protection Regulation (GDPR) and may even know that it comes into force on 25 May 2018. However, do you know the practical steps that you need to take to ensure compliance? Stuart Snelson, Partner and Head of Employment, considers the key changes and actions that employers need to take right now.
The GDPR is European legislation that will govern data protection and introduces significant changes to the current regime in the UK. A lot of the commentary around the GDPR relates to marketing and customer connections. However, this article looks at the practical steps that businesses will need to take to ensure compliance with the GDPR from an employment perspective.
The GDPR expands the definition of personal data and makes it clear that data can only be processed if you have legitimate interests in doing so or explicit and freely given consent. In the employment context, it is unlikely that you will want to rely on consent and instead should ensure you have legitimate interests in any data processing. Another key aspect is the requirement to ensure that employees are aware of the data you hold on them and what you do with it. Finally, there are significantly increased penalties including a potential fine of up to €20m for breach of the GDPR.
So what should you do to ensure compliance? We recommend the key actions for employers are as follows:
- Review what personal data you hold and how it is processed.
- Consider why you process personal data and whether you have any legitimate interests in doing so.
- If you don’t have a legitimate interest, then either stop processing or seek consent.
- Review any consents held and consider whether they are freely given. If not consider whether data could be processed for legitimate reasons as above as an alternative.
- Produce a fair processing notice (also known as privacy notice) setting out what data is held and the purpose for which it is processed.
- Review your procedures for allowing access to personal data. Be aware of the reduced time you have to deal with any requests and the fact that you can no longer charge a fee.
- Prepare a data breach action plan so you can take action fast if any data breach occurs.
- Have procedures in place to deal with requests under the right to be forgotten.
We recommend that all employers carry out an audit now to ascertain what personal data they hold and how it is processed. An assessment can then be made as to what needs to be done to ensure this processing is compliant with the GDPR. We appreciate that this can be a daunting task and we are able to assist you with this GDPR audit by offering an initial meeting for a fixed fee of £250 plus vat. At this meeting we will consider how you currently process personal data, whether this is lawful and what you need to do to be GDPR compliant. Following this meeting we can then suggest what needs to be done and provide further support on a fixed fee basis. This may include assessing if consent is required, considering legitimate interests and updating your privacy notices, contracts or handbooks.
If you would like help with your GDPR audit or any employment matter then please get in touch by emailing ssnelson@geoffreyleaver.com or call 01908 689318.
Stuart Snelson | Partner
ARCHIVE
Categories
-
Case Studies (31)
-
Commercial Property (67)
-
Company Commercial (45)
-
Construction & Development (12)
-
Dispute Resolution & Litigation (55)
-
Employment (65)
-
Factsheet (4)
-
Helpful document (0)
-
Our News (47)
-
Personal Injury (76)
-
Pocket Guide (3)
-
Private Client Services (76)
-
Residential Property (31)
-
Testimonial (7)
Months
-
December 2023 (3)
-
November 2023 (8)
-
October 2023 (6)
-
September 2023 (8)
-
August 2023 (7)
-
July 2023 (8)
-
June 2023 (8)
-
May 2023 (6)
-
April 2023 (4)
-
March 2023 (9)
-
February 2023 (8)
-
January 2023 (6)
-
December 2022 (10)
-
November 2022 (5)
-
October 2022 (6)
-
September 2022 (7)
-
August 2022 (8)
-
July 2022 (6)
-
June 2022 (9)
-
May 2022 (8)
-
April 2022 (8)
-
March 2022 (8)
-
February 2022 (9)
-
January 2022 (6)
-
December 2021 (6)
-
November 2021 (8)
-
October 2021 (7)
-
September 2021 (6)
-
August 2021 (9)
-
July 2021 (6)
-
June 2021 (7)
-
May 2021 (6)
-
April 2021 (6)
-
March 2021 (8)
-
February 2021 (6)
-
January 2021 (7)
-
December 2020 (6)
-
November 2020 (11)
-
October 2020 (3)
-
September 2020 (1)
-
August 2020 (2)
-
April 2020 (9)
-
March 2020 (4)
-
February 2020 (7)
-
January 2020 (5)
-
November 2019 (3)
-
October 2019 (1)
-
September 2019 (3)
-
August 2019 (2)
-
June 2019 (5)
-
May 2019 (2)
-
April 2019 (2)
-
February 2019 (2)
-
December 2018 (2)
-
November 2018 (5)
-
October 2018 (2)
-
August 2018 (2)
-
June 2018 (1)
-
April 2018 (1)
-
March 2018 (4)
-
February 2018 (2)
-
December 2017 (4)
-
November 2017 (5)
-
October 2017 (3)
-
September 2017 (3)
-
August 2017 (2)
-
July 2017 (5)
-
June 2017 (9)
-
May 2017 (1)
-
March 2017 (12)
-
February 2017 (2)
-
December 2016 (8)
-
November 2016 (4)
-
October 2016 (1)
-
September 2016 (9)
-
August 2016 (5)
-
July 2016 (2)
-
June 2016 (2)
-
May 2016 (4)
-
March 2016 (3)
-
February 2016 (12)
-
January 2016 (1)
-
December 2015 (9)
-
November 2015 (10)
-
October 2015 (8)
-
September 2015 (2)