GDPR Compliance in relation to employees
GDPR harmonises data protection legislation within Europe and will update the current regime, which is over 20 years old.
GDPR introduces new rights, larger penalties and new accountability, which means the data controller is responsible for and must be able to demonstrate that they have complied with the relevant processing principles. There are real consequences if it is wrong.
So, why is GDPR relevant to a Human Resources Team?
Human Resources are responsible for handling staff data for all employees current and former as well as job applicants. Therefore, HR are at the forefront of GDPR in terms of data compliance.
To deal with the major changes it is important to have detailed policies and procedures in place because information held about employees will be under greater scrutiny than ever before.
The new regulations are providing individuals with greater freedom and access to information that is held about them including the information current and previous employers hold.
What enhanced rights do employees staff have.
The right to be informed as to how their personal data will be used.
Employees should be told what data will be held about them and how it is intended to be used. This should be outlined in a privacy policy and should be available to current employees and any candidates that have applied for a job.
The right to be forgotten under certain circumstances.
Individuals can request for the data that is held about them to be deleted, so that they can be, in other words, forgotten. The request doesn’t always have to be granted if there are justified reasons for it to be kept. For instance if an employee is dismissed the employer may wish to keep the data on record for a specified amount of time to ensure they have evidence in case they require it again in the future.
The right to access.
This gives employees the ability to request access to all of the data that is held about them by an employer (current or previous), whether it’s their bank details for payroll, email correspondence in relation to a grievance or their initial job application form.
The right to rectification of data that is inaccurate or incomplete.
If the individual believes that the information that is being held is incorrect in any shape or form, they can request for the details to be corrected.
The right to block or suppress processing of personal data.
This means that an individual can limit the way that an organisation uses their data but is not requesting the erasure of their data. This may be because they have issues with the content of the information you hold or how you have processed their data.
The right to data portability
This allows employees to obtain and reuse their personal data for their own purposes across different services under certain circumstances for example, transferring information from one bank to another.
These rights apply in certain circumstances and there will be some instances where the information must be kept or is unable to be amended. Therefore, it is vital that employers have clear policies and procedures in place that outline the collection of data, what the data will be used for, how long it will be kept for and how it will be stored. It is also important to keep a data trail to ensure any change or removal requests are simple to carry out and nothing is missed otherwise there is the risk of a data breach.
Lawson-West and GDPR Compliance
Lawson-West have an incredibly knowledgeable Employment Team and can provide you with guidance on numerous aspects the GDPR regulations, whether it’s a question regarding writing a privacy notice or dealing with a Subject Access Request, the team is always more than willing to be of assistance. Call the team today on 0116 212 1000 or visit www.lawson-west.co.uk
View the content of our recent GDPR seminar.
View all