GDPR: More model policies and documents now compliant

We have revised our model policies and documents on pay and benefits, training and development, mediation, stop and search of employees, and exit interviews and separation questionnaires to comply with the General Data Protection Regulation (GDPR), which is in force from 25 May 2018.

The GDPR requires employers to be transparent about the personal data that they hold and how it is used. They also have to show that they are complying with the GDPR's data protection principles.

Managing employees' pay and benefits is an area in which employers will frequently be gathering personal data. For example, the payroll process is a high-risk area for employers, particularly as they need to ensure that their payroll provider has safe and secure measures to process employees' personal data.

Employers could also find personal data being processed when managing employees' training, mediating disputes, stopping and searching employees, and conducting exit interviews.

We have therefore updated the following model documents in these areas:

Why review your documents?

The introduction of the GDPR means that employers should review their procedures and documentation to ensure that:

  • data protection and privacy considerations are embedded;
  • only the minimum amount of personal data is collected and processed for a specific purpose;
  • there is a legal basis for processing personal data; and
  • individuals whose personal data is being processed are provided with privacy notices.

Pay and benefits

Training and development

Mediation

GDPR data protection documents

Data protection documents to use in your GDPR compliance efforts include:

Protecting your business

Exit interviews and separation questionnaires