Editor's message: Data protection is at the top of the HR agenda, with the introduction of the General Data Protection Regulation (GDPR) on 25 May 2018.
The GDPR places a greater emphasis on accountability and being able to demonstrate that you have the procedures in place to protect your employees’ personal data rights. Even relatively small organisations will process a large amount of employee data, so you will need to invest some time and resources into data protection.
If you are thinking that Brexit may provide an excuse for not putting too much effort into compliance, you will need to reassess your approach. As an EU regulation, the GDPR applies automatically in the UK from 25 May 2018, and will then be incorporated into UK law on Brexit. In any event, being able to demonstrate high data protection standards will be essential for British organisations wanting to continue to do business with the EU in the future.
Some of the key areas of data protection that HR needs to be on top of include:
The Data Protection Act 2018 received Royal Assent on 23 May 2018. This replaces the Data Protection Act 1998, and supplements the provisions of the GDPR.
Susie Munro, senior employment law editor
Definition from the XpertHR glossary.
Updated to reflect ICO guidance on verbal subject access requests.
Updated to include information on our Employment law manual guide on data protection under the GDPR.
Updated with the addition of model documents on redundancy.
Our model policies and documents on sickness and sick pay, redundancy and variation of contract have been updated to comply with the General Data Protection Regulation (GDPR).
Revised to explain the law on data protection under the General Data Protection Regulation, including the data protection principles, legal grounds for processing personal data, requirement to provide privacy notices, rules on special categories of personal data, data subject rights and ICO fines.
HR and legal information and guidance relating to data protection.
We provide a list of model policies and documents in which the sample wording has been updated to comply with the General Data Protection Regulation (GDPR), which is in force from 25 May 2018.