General Data Protection

The General Data Protection Regulations (GDPR) come into force across the EU, including the United Kingdom, on 25th May 2018 (and will stay implemented whether Brexit ever happens or not!). Updated 31st October 2018.

The purpose of the Regulations is to impose conditions on organisations that handle an individual's data, to ensure the individual knows what is happening to their information and that the data is kept secure. The transfer of personal data inside the EEA will continue to be unrestricted and the general prohibition on transfer of data outside the EEA will remain.

These regulations are incredibly complex to understand in relation to their actual practical implementation, and earlier in 2018 I spent a lot of time working out how this affects companies' relationships with their staff and what they need to do.

The Regulations, of course, affect all the data your business processes about any individuals, not just data about your staff. For example, you will also need to consider how you handle customer data, marketing lists, website tracking, payment processes and delivery, and this will involve reviewing third-party supplier contracts.

The new principles in the Regulations will affect your HR and Recruitment processes and you will need to make changes to your employment contracts and your Staff Handbooks and provide staff (and job applicants) with a new Privacy Notice.

If you would like my help with GDPR ‘proofing’ your staff processes, documents and data, then please let me know. It’s time-consuming and complicated and you’ll need to take a deep breath!

The Information Commissioner’s Office (ICO), the UK body responsible for data privacy, has a GDPR helpline – the number is 0303 123 1113 and the helpline is open Monday to Friday, 9am to 5pm.

Further information is available at:

The ICO updated information on Special Category Data in December 2019.

ICO resources and support

Their Helpline details