Do employers need to amend employees' contracts to comply with the General Data Protection Regulation (GDPR)?
No, employers were not required to amend the contracts of existing employees to comply with the General Data Protection Regulation (GDPR) when it came into force on 25 May 2018. However, employers must issue a privacy notice to existing and new employees, providing information on the processing of their personal data (and overriding any invalid data protection clauses in existing contracts). The GDPR specifies the information that the employer must provide in the privacy notice (also known as an information notice or fair processing notice). The information includes the purposes for which the employer will process the employee's personal data, the legal bases for the processing, information about the retention period and information about the employee's rights as a data subject.