Data protection is about making sure that personal data about staff isn’t misused. In the digital age, this has become even more of a challenge, because big files of data can be sent around the world at the click of a button.
Employers who ignore their data protection duties can face reputational damage, big fines and even criminal prosecution. For employees, the misuse of their personal data can cause serious harm and privacy breaches.
The GDPR is a set of data protection laws which apply across the EU. Even though the UK is no longer part of the EU, the GDPR remains in force here through the Data Protection Act 2018.
The GDPR aims to improve the level of control and rights that individuals have over their personal data. It also sets out how an employer should go about using the personal data of its staff.
It’s important for employers to get these documents in place, drafted correctly and updated when necessary. Our employment solicitors are hugely experienced in drafting and updating these documents.
Technically, only if an employer is a public authority or if they carry out large-scale monitoring of staff or large-scale use of criminal or health data. However, it’s good practice for every employer to appoint someone to be responsible for data protection within their organisation. This person can be responsible for keeping documents like data protection policies and privacy notices up to date and also be the contact for any data breaches.
A subject access request is a written request by an employee (or former employee) for all the information that their employer (or former employer) holds about them. Within 1 month of receiving a request, the employer must send the employee copies of the information and documents requested. If the request is complex, the employer can have an extra 2 months to comply.
A data breach happens when an employer shares an employee’s personal data in a way that is unauthorised.
A record should be kept internally of all data breaches. However, for more serious breaches, the employer will also need to inform the Information Commissioner’s Office.
Yes, there are potential fines and criminal sanctions for employers who breach GDPR.
If you need any advice on data protection or the GDPR in the workplace, please contact a member of our employment law team in confidence here or on 02920 829 100 for a free initial call to see how they can help.