Topics

Data protection

Susie Munro

Editor's message: Data protection has been at the top of the HR agenda, with the introduction of the General Data Protection Regulation (GDPR) last year.

The GDPR places a greater emphasis on accountability and being able to demonstrate that you have the procedures in place to protect your employees’ personal data rights. Even relatively small organisations will process a large amount of employee data, so you will need to invest some time and resources into data protection.

If you are thinking that Brexit may provide an excuse for not putting too much effort into compliance, you will need to reassess your approach. As an EU regulation, the GDPR applies automatically in the UK, and will be incorporated into UK law on Brexit. In any event, being able to demonstrate high data protection standards will be essential for British organisations wanting to continue to do business with the EU in the future.

Some of the key areas of data protection that HR needs to be on top of include:

  • providing your employees and other data subjects with privacy notices, setting out specified information about how you will use the information you gather on them;
  • ensuring that you have the right processes in place to deal with special category data lawfully – this is sensitive information about, for example, your employees’ health, race or trade union membership;
  • being ready to respond to data subject access requests from employees, job applicants or others; and
  • ensuring that third-party data processors, such as benefits providers, have appropriate security measures in place to protect the personal data of your employees.

The Data Protection Act 2018 received Royal Assent on 23 May 2018. This replaces the Data Protection Act 1998, and supplements the provisions of the GDPR.

Susie Munro, senior employment law editor

New and updated

  • Cases on appeal

    Type:
    Law reports

    Updated to reflect that the Court of Appeal allowed the appeal in Kostal UK Ltd v Dunkley and others.

  • Date:
    24 May 2019
    Type:
    Legal guidance

    This weekend marks a year since the introduction of the General Data Protection Regulation. Tim Bird examines how worrying gaps in data protection could be hampering the growth of many promising businesses.

  • Podcast: GDPR update - current data protection issues for HR

    Date:
    14 May 2019
    Type:
    Audio and video

    We discuss the continuing impact of the GDPR, including potential enforcement action, the use of artificial intelligence in the recruitment process and how Brexit may affect the transfer of data between the EEA and the UK.

  • Date:
    10 May 2019
    Type:
    Legal guidance

    There are major data privacy implications of criminal records checks made necessary by the Senior Managers and Certification Regime, an issue that will affect about 50,000 firms in the financial services sector from 9 December 2019 onwards. Solicitors David Palmer and David Lorimer examine how compliance and HR teams can help meet businesses' obligations under both the GDPR and SMCR.

  • Date:
    2 May 2019
    Type:
    Legal guidance

    As Morrisons is granted permission to appeal its vicarious liability case, where a rogue employee leaked its employees' personal data, James Castro-Edwards examines the impact it has in light of the General Data Protection Regulation (GDPR).

  • Date:
    29 April 2019
    Type:
    Legal guidance

    Even if an employer is confident that theft or other offences are taking place in the workplace there are plenty of factors to consider before surveillance cameras are installed, writes Louise Lawrence, looking at how UK law ties in with European law.

  • Data protection

    Type:
    Employment law manual

    Updated to reflect that the Government has agreed a further postponement to the Brexit date with the EU.

  • Date:
    11 January 2019
    Type:
    Legal guidance

    As always, HR professionals had their fair share of employment law cases to keep track of in 2018, but what were the 10 most important judgments in 2018 that every employer should know about?

  • Podcast: Key employment cases for 2019

    Date:
    11 January 2019
    Type:
    Audio and video

    Which employment cases will have the biggest impact on HR in 2019? We assess the likely impact on employers of upcoming cases on: the national minimum wage, shared parental leave, holiday pay, restrictive covenants, collective bargaining, covert CCTV, and employment status.

  • How to manage the retention of employee data under the General Data Protection Regulation (GDPR)

    Type:
    How to

    Updated to reflect a change to the Disclosure and Barring Service's sample policy on handling DBS certificate information.