GDPR and your employees
GDPR and Employee Personal Data Amidst the haze of GDPR headlines it can be...
Back to News and EventsGDPR and Employee Personal Data Amidst the haze of GDPR headlines it can be...
Back to News and EventsAmidst the haze of GDPR headlines it can be easy to think that as a business you need only be concerned about the personal data of your clients and customers. However, under the General Data Protection Regulation (GDPR) which comes into force on 25th May 2018, certain data about your employees will count as personal data too.
The GDPR is not intended to be a radical overhaul of data protection legislation but rather a strengthening of the rights enjoyed by data subjects (i.e. the people about whom you hold data). Employees will be data subjects and therefore will have the same entitlements enjoyed by any other data subject. Such rights include: the right to be informed about how, where and when their data is being processed, the right to make a subject access request; and the right to request erasure of their data in certain circumstances.
As well as strengthening data subjects’ rights, the GDPR also changes the lawful bases upon which you can process data. Before you can process (think collect, store, transfer, delete etc.) personal data you must identify a lawful justification for processing. If your processing cannot be justified on one of six bases appearing in the GDPR, processing will be unlawful. One such lawful basis is that the processing is necessary for the performance of a contract with the data subject. This may seem like the obvious justification for processing your employees’ personal data. You must consider carefully your processing activities and decide whether it is truly necessary for the employment relationship. Your lawful justification will need to be communicated to your employees (usually by way of a privacy notice).
The GDPR is unlikely to significantly change the substance of your relationship with your employees. However, it is very likely that in order to be technically compliant with the GDPR you will need to make a number of changes to your employment contracts and workplace policies.
If your employment documentation needs a review or redraft, or if you require advice about any aspect of the GDPR, please contact Eve Lakin via eve.lakin@poolealcock.co.uk or on 01270 619689. Alternatively, please visit our Employment services page here or complete this form for a call back.
Poole Alcock LLP is a Limited Liability Partnership and is authorised and regulated by the Solicitors Regulation Authority. Registered in England and Wales at: 2nd Floor, 34-36 High Street, Nantwich, Cheshire, CW5 5AS. Telephone: 01270 625478. LLP registration number 0C310420 Poole Alcock LLP has offices in Alsager (SRA No: 408249), Congleton (SRA No: 408248), Crewe - Nantwich Road (SRA No. 639144.), Nantwich - The Dowery (SRA No: 408250), Nantwich - High Street (SRA No: 408247), Sandbach (SRA No: 408252) and Wilmslow (SRA No: 654460). The firm's VAT number is 278 8524 07. A list of members is available for inspection at any of our offices. We use the word "partner" to refer to a member of the LLP. All solicitors are subject to rules and principles of professional conduct. The SRA Standards and Regulation including our code of conduct can be found at SRA | SRA Standards and Regulations | Solicitors Regulation Authority
Terms & Conditions Privacy Policy Privacy Policy for Employees Cookies Policy Complaints Policy