Staying compliant with data protection law is essential for all employers, not only to meet legal obligations but also to maintain employee trust and avoid significant penalties.
Joanne Henderson, Partner in the Myerson Solicitors Employment Law Team and a data protection specialist, has provided her top ten tips for employers on their obligations under the Data Protection Act 2018 and the UK General Data Protection Regulation.
Employers should have an up to date and accessible Privacy Notice for employees and job candidates, clearly and comprehensively explaining what personal data is held, how it is used and why. Privacy Notices should also detail the rights that individuals have in relation to their personal data.
Employers should regularly audit of what categories of personal data is collected and retained in relation to employees in order to ensure that personal data is lawfully held and processed.
Criminal conviction data is a separate category of data, and there are specific rules around this. It is only lawful to collect and store criminal conviction data in specific, limited circumstances.
Health data is also a special category of data, but employers may have a legitimate reason for processing health data in order to ensure they are meeting their health and safety and other obligations. However, given the sensitive nature of such data, additional controls must be established to ensure lawful processing.
Employee data must be accurate, so employers should establish practices to regularly verify and update employee personal data to make sure it is up to date.
Employers may be required to share personal data with third parties such as payroll and benefits providers. Employee Privacy Notices should expressly state how and with whom data is shared. It is essential that employers have in place adequate arrangements with third parties to ensure the security and lawful processing of employee personal data.
DSARs are a commonly exercised right of individuals, including employees. Recognising and responding to DSARs within the appropriate time frame is a key aspect of data protection compliance. Managers and HR teams should receive training on how to recognise and respond to a DSAR. Systems should be established to support a timely response.
Breaches of security, such as loss, damage or unauthorised disclosure of data, can cause financial loss, risks to personal safety and distress and ultimately claims from individuals. Personal data should always be held securely, for example, by using access controls and password protection.
DPIAs are a useful tool to assess data protection risks and identify the means to address those risks. DPIAs also evidence that an employer has considered and managed data protection risks in the event of any subsequent complaint or claim.
10. Compliance Training
Education and training are fundamental to any compliance initiative. All employees should be trained on data protection issues and, in particular, data security. Managers should be specifically trained to understand the data protection principles underpinning record keeping, recruitment, performance management and absence management.
Is your HR team up to date with the latest data protection requirements? Ensuring compliance with the UK GDPR and the Data Protection Act 2018 is essential for all businesses.
If you need guidance on HR data protection policies and compliance, contact Myerson’s Employment Law team on:
As the Employment Rights Bill moves closer to becoming law, the government has published its much-anticipated implementation roadmap, offering a clearer picture of when significant changes to UK employment law will take effect. The Employment...
Read Blog
Staying compliant with data protection law is essential for all employers, not only to meet legal obligations but also to maintain employee trust and avoid significant penalties. Joanne Henderson, Partner in the Myerson Solicitors Employment Law...
Read Blog
Restrictive covenants are increasingly common in contracts for senior executives and professionals, but they are often overlooked until a dispute arises. Our Employment Solicitors explain what restrictive covenants are, how they work, and when to...
Read Blog
In recent years, working models have become increasingly varied, with organisations routinely departing from traditional employee/employer arrangements. This is particularly the case for the agricultural sector, which, given the varying and...
Read Blog
From 26 October 2024, employers have faced increased obligations to take proactive steps to identify and prevent sexual harassment at work. Our employment lawyers reflect on the legal developments since October 2024 and examine what employers...
Read Blog
The return of ITV’s Malpractice for a second season has gripped viewers once again with its tense, emotionally charged portrayal of life inside a pressured NHS hospital. This time, the spotlight turns sharply onto whistleblowing, as a medical...
Read Blog
Jack is a Senior Associate in our Employment Team and Head of Myerson's Hospitality and Leisure sector.
Jack has over 7 years of experience acting as an Employment solicitor. Jack has specialist expertise in redundancy, disciplinary and grievance procedures, terminations, settlement agreements and restrictive covenants.
About Jack Latham