GDPR – Employers, are you ready?
You will probably have heard of the General Data Protection Regulation (GDPR) and may even know that it comes into force on 25 May 2018. However, do you know the practical steps that you need to take to ensure compliance? Stuart Snelson, Partner and Head of Employment, considers the key changes and actions that employers need to take right now.
The GDPR is European legislation that will govern data protection and introduces significant changes to the current regime in the UK. A lot of the commentary around the GDPR relates to marketing and customer connections. However, this article looks at the practical steps that businesses will need to take to ensure compliance with the GDPR from an employment perspective.
The GDPR expands the definition of personal data and makes it clear that data can only be processed if you have legitimate interests in doing so or explicit and freely given consent. In the employment context, it is unlikely that you will want to rely on consent and instead should ensure you have legitimate interests in any data processing. Another key aspect is the requirement to ensure that employees are aware of the data you hold on them and what you do with it. Finally, there are significantly increased penalties including a potential fine of up to €20m for breach of the GDPR.
So what should you do to ensure compliance? We recommend the key actions for employers are as follows:
- Review what personal data you hold and how it is processed.
- Consider why you process personal data and whether you have any legitimate interests in doing so.
- If you don’t have a legitimate interest, then either stop processing or seek consent.
- Review any consents held and consider whether they are freely given. If not, consider whether the data could instead be processed for legitimate reasons, as above.
- Produce a fair processing notice (also known as privacy notice) setting out what data is held and the purpose for which it is processed.
- Review your procedures for allowing access to personal data. Be aware of the reduced time you have to deal with any requests and the fact that you can no longer charge a fee.
- Prepare a data breach action plan so you can take action fast if any data breach occurs.
- Have procedures in place to deal with requests under the right to be forgotten.
We recommend that all employers carry out an audit now to ascertain what personal data they hold and how it is processed. An assessment can then be made as to what needs to be done to ensure this processing is compliant with the GDPR. We appreciate that this can be a daunting task and we are able to assist you with this GDPR audit by offering an initial meeting for a fixed fee of £250 plus VAT. At this meeting we will consider how you currently process personal data, whether this is lawful and what you need to do to be GDPR compliant. Following this meeting we can then suggest what needs to be done and provide further support on a fixed-fee basis. This may include assessing if consent is required, considering legitimate interests and updating your privacy notices, contracts or handbooks.
If you would like help with your GDPR audit or any employment matter then please get in touch by emailing firstname.lastname@example.org or call 01908 689318.