All items: Personal data

How to obtain and use medical reports on employees

Updated to reflect that the ICO has published guidance for employers on when they can collect information through medical examinations (which replicates guidance previously contained in the withdrawn Employment practices data protection code).
How to review your organisation's compliance with the UK GDPR

Practical guidance on reviewing your organisation's compliance with the UK GDPR, including reviewing data protection policies and documents, third-party data processor contracts and subject access procedures.
How to respond to subject access requests from employees under the UK GDPR

Updated to reflect the ICO's guidance on fees to cover the cost of responding to manifestly unfounded or excessive requests.
How to manage the retention of employee data under the UK GDPR

Updated to reflect a change to the Disclosure and Barring Service's sample policy on handling DBS certificate information.
How to conduct an audit of HR personal data for the UK GDPR

Practical guidance on auditing HR-related personal data as part of an organisation's ongoing UK GDPR compliance efforts, including establishing the scope of the audit and understanding how the information collected can be used to identify compliance gaps.
How to determine the legal grounds for processing employee data under the UK GDPR

Practical guidance on identifying the legal bases for processing employee data under the General Data Protection Regulation (GDPR), including recognising the most relevant grounds for employers: performance of the employment contract, compliance with a legal obligation and the employer's legitimate interests.

About this category

Practical step-by-step advice on how to manage workplace situations relating to personal data.

How to

All items: Personal data

How to obtain and use medical reports on employees

How to review your organisation's compliance with the UK GDPR

How to respond to subject access requests from employees under the UK GDPR

How to manage the retention of employee data under the UK GDPR

How to conduct an audit of HR personal data for the UK GDPR

How to determine the legal grounds for processing employee data under the UK GDPR

About this category

Explore XpertHR

Learn more

Get in touch

Connect with us