General Data Protection Regulation

The General Data Protection Regulation (GDPR) is now in force in the UK (from 25 May 2018). The aim of the GDPR is to establish a modern and harmonised data protection framework across the EU. The new framework imposes strict duties on employers in relation to the processing of personal data, with potentially very large fines for a breach of the rules (up to €20 million, or 4% of the organisation's total worldwide annual turnover if higher). The Data Protection Act 2018 received Royal Assent on 23 May 2018 and supplements the GDPR in the UK in certain areas.

Our range of resources can help you with your compliance work. We have model documents (such as an Employee privacy notice and Job applicant privacy notice), and practical guidance (see for example How to determine the legal grounds for processing employee data under the GDPR).

Look at ...

... our Employment law manual, which explains the law on data protection under the GDPR. The guidance describes the rules under the new framework, including those relating to the legal grounds for processing personal data, provision of privacy notices, dealing with special categories of personal data and data subject rights.

Below we list our new GDPR-compliant model policies and documents as well as our other GDPR resources.

Policies and documents (compliant with the GDPR)

Other GDPR resources

The basics

The legal grounds for processing data

Processing activities

Third-party processing

Data retention and erasure

Subject access requests

Special categories of personal data