How to determine the legal grounds for processing employee data under the General Data Protection Regulation (GDPR)
Author: Jo Broadbent
Click on any of the hyperlinks to go to more detailed guidance below.
- Understand that employers need a legal basis to process employee data.
- Be aware that consent is unlikely to be an adequate legal basis for processing employee data.
- Ensure familiarity with the legal grounds for processing available under the GDPR.
- Recognise which legal grounds are most likely to apply in the employment context.
- Understand that additional conditions apply if your organisation wants to process special categories of data or data relating to criminal records.
- Conduct an HR personal data audit, identifying the reasons for processing each category of data.
- Assess which legal bases for processing apply in relation to each category of data.
- Be aware of steps to take once the legal basis for processing different types of data is established.