GDPR: More model policies and documents now compliant
We have revised our model policies and documents on pay and benefits, training and development, mediation, stop and search of employees, and exit interviews and separation questionnaires to comply with the General Data Protection Regulation (GDPR), which is in force from 25 May 2018.
The GDPR requires employers to be transparent about the personal data that they hold and how it is used. They also have to show that they are complying with the GDPR's data protection principles.
Managing employees' pay and benefits is an area in which employers will frequently be gathering personal data. For example, the payroll process is a high-risk area for employers, particularly as they need to ensure that their payroll provider has safe and secure measures to process employees' personal data.
Employers could also find personal data being processed when managing employees' training, mediating disputes, stopping and searching employees, and conducting exit interviews.
We have therefore updated the following model documents in these areas:
Why review your documents?
The introduction of the GDPR means that employers should review their procedures and documentation to ensure that:
- data protection and privacy considerations are embedded;
- only the minimum amount of personal data is collected and processed for a specific purpose;
- there is a legal basis for processing personal data; and
- individuals whose personal data is being processed are provided with privacy notices.
Pay and benefits
- Policy on basic pay and pay reviews
- Bonuses policy
- Company car policy
- Payroll-giving policy
- Long-service awards policy
- Loans policy
- Form for an employee to apply for a loan
Training and development
- Performance appraisal policy
- Training and development policy
- Form for an employee to submit a request in relation to study or training
- Policy on the right to make a request in relation to study or training
- Letter responding to an employee's request in relation to study or training
GDPR data protection documents
Data protection documents to use in your GDPR compliance efforts include: