GDPR’s first birthday – how have you fared as an employer?

Katy Cobbold HR Director

1 May 2019

What are the key principles of GDPR?

  • Personal data should be processed fairly, lawfully and in a transparent manner.
  • Data should be obtained for specified and lawful purposes and not further processed in a manner that is incompatible with those purposes.
  • The data should be adequate, relevant and not excessive.
  • The data should be accurate and where necessary kept up to date.
  • Data should not be kept for longer than necessary.
  • Data should be kept secure.

Under GDPR, what information must you, as an employer, provide?

  • The identity and contact details of the employer as the data controller;
  • the data protection officer’s (DPO) contact details (if the organisation has a DPO);
  • the purposes for which the data will be processed and the legal bases for processing;
  • where the legal basis for processing is the legitimate interests of the employer or a third party, the legitimate interests relied on;
  • the recipients, or categories of recipients, of the data, if any;
  • details of any transfer of the data outside the European Economic Area and the relevant safeguards in place;
  • the period for which the data will be stored, or if it is not possible to specify the retention period, the criteria used to determine the period;
  • the data subject’s rights to request access to, rectification or erasure of data; to request restriction of processing; or to object to processing;
  • the right to data portability;
  • where the legal basis for processing is consent, the right to withdraw consent at any time;
  • the right to lodge a complaint with the supervisory authority;
  • whether or not the provision of personal data is a statutory or contractual requirement, and the possible consequences of failure to provide the data; and
  • the existence of any automated decision-making and profiling, and the consequences for the data subject.

What can you do to ensure GDPR compliance relating to employees?

Some elements are size-dependent, such as appointing a Data Protection Officer; however, as a minimum every employer should have basic policies, privacy notices and registers in place relating to their handling and retention of employee data.

For an HR audit, basic advice or documentation regarding the management of your employees in relation to GDPR, please contact katy.cobbold@wilsonwright.co.uk.
