Editor's message: The Data Protection Act 1998, which implements the Data Protection Directive, regulates the handling of personal data. Employers must comply with the Data Protection Act 1998 in relation to the collection, use and storage of personal information, which includes information about job applicants (such as application forms and CVs) and employees that is held on a computer.
There are data protection issues around employees using their own devices for work purposes, both in relation to the storage of personal data of other employees in the organisation and the extent to which employers can monitor employees’ use of these devices.
The EU General Data Protection Regulation (GDPR), which replaces the Data Protection Directive, is due to come into force on 25 May 2018, before the UK is expected to leave the EU. The aim of the GDPR is to establish a modern and harmonised data protection framework across the EU. One notable aspect of the GDPR is the level of fines that may be imposed for a breach. The maximum fine on an organisation is the higher of €20 million or 4% of its worldwide annual turnover. In the Queen's Speech on 21 June 2017, the Government announced that it will introduce a Data Protection Bill to establish a new data protection regime and implement the GDPR. The Bill will provide for the Data Protection Act 1998 to be repealed.
Felicity Alexander, employment law editor
FAQs answering your questions on the General Data Protection Regulation (GDPR) have been added to XpertHR.
EU-derived legislation such as the Working Time Directive, TUPE and the General Data Protection Regulation (GDPR) will continue to apply once the UK formally leaves the union, it has been confirmed.
It is easy to view GDPR as just another compliance challenge, but HR can play a crucial role in ensuring everyone in the organisation contributes to a data privacy-friendly culture, says Sarah Thompson.
HR and legal information and guidance relating to data protection.