Data protection

Editor's message: The Data Protection Act 1998, which implements the Data Protection Directive, regulates the handling of personal data. Employers must comply with the Data Protection Act 1998 in relation to the collection, use and storage of personal information, which includes information about job applicants (such as application forms and CVs) and employees that is held on a computer.

There are data protection issues around employees using their own devices for work purposes, both in relation to the storage of personal data of other employees in the organisation and the extent to which employers can monitor employees’ use of these devices.

The EU General Data Protection Regulation (GDPR), which replaces the Data Protection Directive, is due to come into force on 25 May 2018, before the UK is expected to leave the EU. The aim of the GDPR is to establish a modern and harmonised data protection framework across the EU. One notable aspect of the GDPR is the level of fines that may be imposed for a breach. The maximum fine on an organisation is the higher of €20 million or 4% of its worldwide annual turnover. In the Queen's Speech on 21 June 2017, the Government announced that it will introduce a Data Protection Bill to establish a new data protection regime and implement the GDPR. The Bill will provide for the Data Protection Act 1998 to be repealed.

Felicity Alexander, employment law editor

New and updated

  • Date:
    21 June 2017
    Type:
    Legal guidance

    It is easy to view GDPR as just another compliance challenge, but HR can play a crucial role in ensuring everyone in the organisation contributes to a data privacy-friendly culture, says Sarah Thompson.

  • Data protection

    Type:
    Employment law manual

    Updated to include a reference to the Government's announcement in the Queen's Speech that it will introduce a Data Protection Bill.

  • Podcast: Primer on the General Data Protection Regulation (GDPR)

    Date:
    9 June 2017
    Type:
    Audio and video

    Although organisations are increasingly aware of the new requirements under the EU General Data Protection Regulation (GDPR), many are not sure how the GDPR will affect the HR function. We discuss how HR will contribute to the GDPR compliance process.

  • Date:
    19 May 2017
    Type:
    Legal guidance

    An investment bank employee has been investigated by the Financial Conduct Authority after sharing confidential client information over WhatsApp. While a reasonable level of employee social media use at work may be acceptable, it is still important to have clear social media policies.

  • GDPR not well understood by HR professionals

    Date:
    12 May 2017
    Type:
    News

    The vast majority of HR professionals do not have a good understanding of the upcoming General Data Protection Regulation (GDPR) requirements for employers.

  • On-demand webinar: get ready for the GDPR

    Date:
    11 May 2017
    Type:
    Editor's choice

    Listen to experts Ross McKean and Katherine Gibson explain the requirements under the General Data Protection Regulation.

  • How to start preparing for the General Data Protection Regulation (GDPR)

    Type:
    How to

    Practical guidance on starting to prepare for the General Data Protection Regulation (GDPR), including understanding the main changes that will impact on HR; obtaining organisational buy-in for GDPR compliance; assembling a GDPR compliance team; and conducting a risk assessment of employee data processing practices.

  • Webinar: Get ready for the GDPR - guidance for employers

    Date:
    10 May 2017
    Type:
    Audio and video

    Although the General Data Protection Regulation does not come into force until May 2018, employers need to be preparing now. Experts Ross McKean and Katherine Gibson give practical advice for employers developing a compliance plan.

  • General Data Protection Regulation

    Date:
    10 May 2017
    Type:
    Editor's choice

    The EU General Data Protection Regulation (GDPR), which replaces the 1995 Data Protection Directive, is due to come into force in the UK on 25 May 2018. We round up our current and forthcoming resources on preparing for the GDPR.

  • Date:
    20 April 2017
    Type:
    Legal guidance

    A recent legal case involving messaging service WhatsApp raises issues about monitoring employee communications. Nick Le Riche, a partner at Bircham Dyson Bell, offers practical tips on balancing employees' privacy rights with employers' need to protect confidential data.