With the General Data Protection Regulation (GDPR) now in force a new principle of accountability means you now have a positive obligation to evidence your compliance with the data protection principles.
What do employers need to do?
To ensure you have met all of your obligations and made employees aware of how you will be processing their personal data it is advisable to have the following:
A GDPR compliant privacy notice for employees
This is used to notify employees, workers and contractors about the personal data that you hold about them, how they can expect their personal data to be used, and for what purpose.
A GDPR compliant privacy notice for candidates
Similar to the above, this is for individuals applying for jobs or assignments with you. It notifies prospective employees, workers and contractors about the personal data held about them and how it will be used.
A Data Protection Policy
Your data protection policy should have been updated in May to set out the principles and legal conditions that your organisation must satisfy when obtaining, handling, processing, transporting or storing personal data in the course of your operations and activities.
A Document Retention Policy
This should set out the periods for retention of employment records and the erasure of employment records.
Contracts of employment
A new data protection clause should also have been added to your contracts of employment when the GDPR came into force. A clause asking your employees to consent to the processing of their data will no longer be valid. The contract should instead include a clause setting out the lawful grounds on which you will process employee personal data.
Inform employees about the new regime
GDPR places greater focus on transparency. It is advisable to ensure you have explained GDPR to your employees, as well as drawing to their attention your new GDPR compliant data protection policy and privacy notice.
Need help?
Freeths is offering a package to employers to help ensure all employment documents comply with the new regulations. This is available for a fixed fee of £350 plus VAT. For more information contact Christopher Sing.
