Editor's message: The Data Protection Act 1998, which implements the Data Protection Directive, regulates the handling of personal data. Employers must comply with the Data Protection Act 1998 in relation to the collection, use and storage of personal information, which includes information about job applicants (such as application forms and CVs) and employees that is held on a computer.
There are data protection issues around employees using their own devices for work purposes, both in relation to the storage of personal data of other employees in the organisation and the extent to which employers can monitor employees’ use of these devices.
The EU General Data Protection Regulation (GDPR), which replaces the Data Protection Directive, is due to come into force on 25 May 2018, before the UK is expected to leave the EU. The aim of the GDPR is to establish a modern and harmonised data protection framework across the EU. One notable aspect of the GDPR is the level of fines that may be imposed for a breach. The maximum fine on an organisation is the higher of €20 million or 4% of its worldwide annual turnover. The Government has introduced a Data Protection Bill to establish a new data protection regime and implement the GDPR. The Bill provides for the Data Protection Act 1998 to be repealed.
Felicity Alexander, employment law editor
Register for our live webinar, which takes place on 6 December 2017, in which we will discuss the legal grounds for processing employee personal data under the General Data Protection Regulation (GDPR).
Employee surveillance is becoming ever more pervasive in the workplace. New technologies make it easier to monitor employee performance and behaviour. Ian MacRae and Toni-Ann Murphy look at some of the potential problems.
We have added a new task to XpertHR with links to our resources to help you prepare for the General Data Protection Regulation (GDPR).
Court decisions from earlier this year have reduced the scope of legal privilege when it comes to protecting documents created during internal investigations. What steps can employers take to ensure sensitive communications do not have to be released unnecessarily?
The Information Commissioner's Office (ICO) will launch a number of support features to help small businesses to prepare for the General Data Protection Regulation (GDPR).
Practical guidance on auditing HR-related personal data as part of an organisation's GDPR compliance efforts, including establishing the scope of the audit and understanding how the information collected can be used to identify compliance gaps.
Updated to include information on the requirements for processing sensitive personal data and data relating to criminal records under the Data Protection Bill.
HR and legal information and guidance relating to data protection.