Employers of all sizes are legally obliged to collect and use certain categories of personal data relating to their employees and most likely hold significant amounts of personal data in their personnel records.
Such personal data is likely to include sensitive personal data (or special categories of personal data) as well as highly confidential data about their employees and other workers.
It is essential that human resources managers ensure that the data protection principles are observed in relation to the use of personal data relating to job candidates, employees, workers and leavers. Key areas for consideration include:
- What privacy provisions should contracts of employment include?
- What privacy notices should be issued to candidates and employees?
- What data protection policies should we have in place?
- How should we deal with health records?
- How should we deal with diversity and equal opportunity monitoring?
- How should we deal with reference requests?
- How do we ensure payroll information is secure?
- How should we share information with benefit providers?
- How do we respond to an employee subject access request?
- What records should we keep in relation to leavers?
- What data protection training should we provide to our employees?
Our data protection solicitors can help your human resources manager ensure that personnel records and HR processes and documentation are GDPR compliant. We are also experienced in guiding clients through the difficult process of properly responding to employee data subject access requests, particularly in the context of grievances and disputes.