Editor's message: Data protection has been at the top of the HR agenda, with the introduction of the General Data Protection Regulation (GDPR) on 25 May 2018.
The GDPR places a greater emphasis on accountability and being able to demonstrate that you have the procedures in place to protect your employees’ personal data rights. Even relatively small organisations will process a large amount of employee data, so you will need to invest some time and resources into data protection.
If you are thinking that Brexit may provide an excuse for not putting too much effort into compliance, you will need to reassess your approach. As an EU regulation, the GDPR applies automatically in the UK, and will be incorporated into UK law on Brexit. In any event, being able to demonstrate high data protection standards will be essential for British organisations wanting to continue to do business with the EU in the future.
Some of the key areas of data protection that HR needs to be on top of include:
The Data Protection Act 2018 received Royal Assent on 23 May 2018. This replaces the Data Protection Act 1998, and supplements the provisions of the GDPR.
Susie Munro, senior employment law editor
As always, HR professionals had their fair share of employment law cases to keep track of in 2018, but what were the 10 most important judgments in 2018 that every employer should know about?
Which employment cases will have the biggest impact on HR in 2019? We assess the likely impact on employers of upcoming cases on: the national minimum wage, shared parental leave, holiday pay, restrictive covenants, collective bargaining, covert CCTV, and employment status.
Updated to reflect that the Court of Appeal dismissed the appeal in Uber BV and others v Aslam and others on 19 December 2018.
Updated to reflect a change to the Disclosure and Barring Service's sample policy on handling DBS certificate information.
We review the key employment law developments of 2018 and the impact of these for HR, including: Brexit; the GDPR; the apprenticeship levy; pay reporting; parental bereavement leave; and family-friendly policies.
A third of HR teams have admitted breaching the General Data Protection Regulation (GDPR) by failing to delete personal data about job candidates and employees who have left their organisation after data retention periods expire.
Updated to include information on Various claimants v WM Morrison Supermarkets plc, in which the Court of Appeal considered if the employer was liable for the actions of an employee who disclosed the personal data of other staff.
This week's Court of Appeal decision that Morrisons was vicariously liable for a serious data breach by a disgruntled employee has got employers worried.
In WM Morrison Supermarkets plc v Various claimants, the Court of Appeal held that the employer is vicariously liable for the criminal actions of an employee who disclosed the personal data of his fellow employees online.
HR and legal information and guidance relating to data protection.
We provide a list of model policies and documents in which the sample wording has been updated to comply with the General Data Protection Regulation (GDPR), which is in force from 25 May 2018.