This is a preview. To continue reading please log in or Register to read this article

Data protection

Original author: Ellen Temperton, Lewis Silkin LLP
Updating author: Nicky Stibbs

Summary

  • The General Data Protection Regulation (2016/679 EU) (GDPR) is in force from 25 May 2018 and imposes strict requirements on organisations around the security of, and transparency about, the personal data that they process. (See Introduction)
  • Data controllers must comply with the data protection principles in the GDPR and should adopt a "data protection by design and default" approach. (See Principles for processing personal data and Data protection by design and default)
  • For a data controller to be able to process personal data, one of the legal grounds for processing must apply. (See Legal grounds for processing personal data)
  • Consent is unlikely to be a legal ground for processing employees' personal data. (See Consent)
  • Employers can process special categories of personal data such as health records, and personal data about criminal records, only where limited conditions are satisfied. (See Special categories of personal data and Criminal convictions and offences)
  • Privacy notices must include information about the personal data that employers process and employees' rights in relation to their data. (See Privacy notices)
  • Most employers will need to record their processing activities and carry out privacy impact assessments. (See Records of processing activities and Privacy impact assessments)
  • Data controllers must report certain data protection breaches to the individual concerned and the Information Commissioner's Office. (See Handling personal data breaches)
  • Under the GDPR, data subjects have a number of rights in relation to the personal data held about them, including the right of access and the right to have data rectified or erased. (See Data subject rights)
  • Breaches of the data protection rules may attract a heavy fine. (See ICO fines)

Sector resources

Additional resources on this topic are available for the following sectors: