Data protection

Felicity AlexanderEditor's message: The Data Protection Act 1998, which implements the Data Protection Directive, regulates the handling of personal data. Employers must comply with the Data Protection Act 1998 in relation to the collection, use and storage of personal information, which includes information about job applicants (such as application forms and CVs) and employees that is held on a computer.

There are data protection issues around employees using their own devices for work purposes, both in relation to the storage of personal data of other employees in the organisation and the extent to which employers can monitor employees’ use of these devices.

The EU General Data Protection Regulation, which replaces the Data Protection Directive, is due to come into force on 25 May 2018, before the UK is expected to leave the EU. The Government has confirmed that the UK will implement the Regulation. The aim of the Regulation is to establish a modern and harmonised data protection framework across the EU. One notable aspect of the Regulation is the level of fines that may be imposed for a breach. The maximum fine on an organisation is the higher of €20 million or 4% of its worldwide annual turnover.

Felicity Alexander, employment law editor

New and updated

  • Date:
    19 May 2017
    Type:
    Legal guidance

    An investment bank employee has been investigated by the Financial Conduct Authority after sharing confidential client information over WhatsApp. While a reasonable level of employee social media use at work may be acceptable, it is still important to have clear social media policies.

  • GDPR not well understood by HR professionals

    Date:
    12 May 2017
    Type:
    News

    The vast majority of HR professionals do not have a good understanding of the upcoming General Data Protection Regulation (GDPR) requirements for employers.

  • On-demand webinar: get ready for the GDPR

    Date:
    11 May 2017
    Type:
    Editor's choice

    Listen to experts Ross McKean and Katherine Gibson explain the requirements under the General Data Protection Regulation.

  • How to start preparing for the General Data Protection Regulation (GDPR)

    Type:
    How to

    Practical guidance on starting to prepare for the General Data Protection Regulation (GDPR), including understanding the main changes that will impact on HR; obtaining organisational buy-in for GDPR compliance; assembling a GDPR compliance team; and conducting a risk assessment of employee data processing practices.

  • Webinar: Get ready for the GDPR - guidance for employers

    Date:
    10 May 2017
    Type:
    Audio and video

    Although the General Data Protection Regulation does not come into force until May 2018, employers need to be preparing now. Experts Ross McKean and Katherine Gibson give practical advice for employers developing a compliance plan.

  • General Data Protection Regulation

    Date:
    10 May 2017
    Type:
    Editor's choice

    The EU General Data Protection Regulation (GDPR), which replaces the 1995 Data Protection Directive, is due to come into force in the UK on 25 May 2018. We round up our current and forthcoming resources on preparing for the GDPR.

  • Data protection

    Type:
    Employment law manual

    Updated to provide information on Dawson-Damer and others v Taylor Wessing LLP, in which the Court of Appeal considered disproportionate effort and legal professional privilege in subject access requests.

  • Date:
    20 April 2017
    Type:
    Legal guidance

    A recent legal case involving messaging service WhatsApp raises issues about monitoring employee communications. Nick Le Riche, a partner at Bircham Dyson Bell, offers practical tips on balancing employees' privacy rights with employers' need to protect confidential data.

  • Call for views on derogations from the GDPR

    Date:
    18 April 2017
    Type:
    Consultations

    The Government seeks views on derogations under the General Data Protection Regulation.

  • Case round-up

    Date:
    1 April 2017
    Type:
    Law reports

    Chris Cook is a partner and Keely Rushmore is a senior associate at SA Law. They round up the latest rulings.