General Data Protection Regulation
The General Data Protection Regulation (GDPR) is due to come into force in the UK on 25 May 2018. The aim of the GDPR, which replaces the current Data Protection Directive, is to establish a modern and harmonised data protection framework across the EU.
On 13 September 2017, the Government introduced the Data Protection Bill in Parliament. The Bill contains provisions that supplement those in the GDPR. In addition, it provides for repeal of the Data Protection Act 1998, which currently regulates the handling of personal data.
We round up our resources that will help employers prepare for the introduction of the new data protection regime.
Look out for our on-demand webinar on data retention under the GDPR. In this webinar (held on 14 March 2018), Jo Broadbent and Stefan Martin from global law firm Hogan Lovells discussed strategies to help employers put in place data retention policies and procedures that comply with the GDPR, and answered questions.
- What is the GDPR?
- When will the GDPR take effect?
- What happens if an employer fails to comply with the GDPR when it comes into effect?
- What effect will Brexit have on the application of the GDPR to the UK?
- What restrictions will the GDPR place on employers transferring employee data outside the European Economic Area?
- What is personal data under the GDPR?
- Will there be changes to the rules on obtaining consent to process personal data under the GDPR?
- Other than consent, what legal grounds will there be for processing personal data under the GDPR?
- What information must employers supply to employees about the processing of their personal data under the GDPR?
- What data subject access rights will employees have under the GDPR?
- How will the GDPR affect the processing and retention of recruitment data by employers?
- What is the right to be forgotten under the GDPR?
- How can employers balance employees' right to be forgotten under the GDPR with the need to keep HR records?
- Will employers be able to carry out criminal records checks under the GDPR?
- Which employers are required to appoint a Data Protection Officer under the GDPR?
- What are an employer's obligations under the GDPR if it contracts with a third-party provider to process its employee data?
- What are an employer's obligations under the GDPR in relation to emails containing personal data?
- Will the GDPR affect small employers?
- Will the GDPR affect for how long employers can keep data relating to former employees?
- Do employers need to amend employees' contracts to comply with the GDPR?
- What are an employer's obligations under the GDPR in relation to the processing of sensitive personal data?
- When can employers rely on employees' consent to process their data under the GDPR?
- Will employers be able to gather and analyse information for equality monitoring purposes under the GDPR?
- Should employers ask job applicants for consent to process their data under the GDPR?
- Can an employer share HR-related data with an external supplier of HR services without the consent of the employees?
- How to determine the legal grounds for processing employee data under the GDPR
- How to manage the retention of employee data under the GDPR
- How to develop and implement a GDPR compliance programme
- How to conduct an audit of HR personal data for the GDPR
- How to start preparing for the GDPR
Policies and documents (compliant with the GDPR)
- Data protection policy
- Register of HR-related personal data
- Job applicant privacy notice
- Employee privacy notice
- Form for making a subject access request
- Letter responding to subject access request providing requested information
- Letter responding to data subject access request asking for more information
- Letter extending time to respond to a subject access request
- Letter refusing subject access request or asking for an administrative fee
- Register of subject access requests
Audio and video
- Webinar: Processing without consent - taking a deeper dive into the GDPR
- Webinar: Get ready for the GDPR - guidance for employers
- Podcast: Introduction to the GDPR
- How to gear up for GDPR and create a data privacy culture
- GDPR: an employer's guide
- New EU General Data Protection Regulation: four steps employers must take right away
- Data subject access requests: Common employer queries
- How to deal with subject access requests
Employment law manual
- ICO to offer GDPR helpline for small businesses
- Data Protection Bill unveiled
- Data protection: Post-Brexit EU partnership plan revealed
- GDPR not well understood by HR professionals
- ICO opens consultation on consent under the GDPR