New law: Employers review Data Privacy Notices for employees as GDPR looms
Employers should identify who will need a Data Privacy Notice (DPN), determine what should be in it, and revisit their processes, procedures and staff training to ensure the right individuals receive a DPN at the right time, in readiness for the General Data Protection Regulation (GDPR).
The GDPR is an EU Regulation that strengthens and unifies data protection for individuals within the EU and regulates the export of personal data outside the EU. Its aim is to give citizens control over their personal data and simplify the regulatory environment for international business. It will replace the UK's current data protection laws. As it is an EU Regulation the GDPR has direct effect – there is no need for enabling UK law. The proposed introduction date is 25 May 2018.
The GDPR requires employers to give job applicants, employees and workers a DPN (sometimes called a fair processing notice) which explains very clearly how their personal data is processed. Further DPNs are required if the processing changes.
DPNs provided under existing data protection rules will usually be too brief to comply with the new GDPR rules. The new rules require that employees, job applicants and workers are told, for example:
which personal data about them is being processed
what the employer is going to do with it
the legal justification for doing so
whether the data was obtained from a third party (such as a doctor or recruitment agency)
where it will store the data
how long the personal data will be kept
whether the data will be transferred overseas
the individual's rights in relation to the data
If the DPN is also to be used to obtain consent from the employee to the use of their data, there are different, additional requirements in relation to such consent.
Employers should identify who will need a DPN, determine what should be in it, and revisit their processes, procedures and staff training to ensure the right individuals receive a DPN at the right time, in light of the upcoming GDPR.
© Atom Content Marketing 2017
Authorised and Regulated by The Solicitors Regulation Authority. Authority number 591294.
For details of the professional rules governing the conduct of solicitors go to www.sra.org.uk/code-of-conduct.page