Editor's message: The Data Protection Act 1998, which implements the Data Protection Directive, regulates the handling of personal data. Employers must comply with the Data Protection Act 1998 in relation to the collection, use and storage of personal information, which includes information about job applicants (such as application forms and CVs) and employees that is held on a computer.
There are data protection issues around employees using their own devices for work purposes, both in relation to the storage of personal data of other employees in the organisation and the extent to which employers can monitor employees’ use of these devices.
The EU General Data Protection Regulation (GDPR), which replaces the Data Protection Directive, is due to come into force on 25 May 2018, before the UK is expected to leave the EU. The aim of the GDPR is to establish a modern and harmonised data protection framework across the EU. One notable aspect of the GDPR is the level of fines that may be imposed for a breach. The maximum fine on an organisation is the higher of €20 million or 4% of its worldwide annual turnover. In the Queen's Speech on 21 June 2017, the Government announced that it will introduce a Data Protection Bill to establish a new data protection regime and implement the GDPR. The Bill will provide for the Data Protection Act 1998 to be repealed.
Felicity Alexander, employment law editor
While the GDPR brings risks and eye-watering penalties for non-compliance, it also brings great opportunities for firms that use it to build a healthier, more effective relationship of trust with customers and employees around data, says Barry Stanton.
More FAQs on the General Data Protection Regulation (GDPR) have been added to XpertHR.
Updated to include a reference to the Government's statement of intent on how it intends to update data protection law.
The Government has today outlined its intention for a new Data Protection Bill, to be published in September 2017, which will bring the EU's General Data Protection Regulation (GDPR) into UK law.
HR and legal information and guidance relating to data protection.