The GDPR comes into force in the UK on the 25th May 2018. It has given rise to a lot of publicity and concern about its impact for employers, but what are the practical implications from an HR perspective?
This article is the first in a series we will be producing over the next few weeks providing information and practical advice on the GDPR for employers and aims to provide a straightforward and manageable process for compliance.
This first article will introduce the GDPR and the key changes it implements:
The General Data Protection Regulation is the new European Union regulation on data protection and will replace the current rules on 25th May 2018. It will be brought into force in the UK by way of the Data Protection Act 2018 which will replace the Data Protection Act 1998.
The Information Commissioner's Office will remain the UK enforcement authority for data protection.
What are the key changes to the law on data protection?
Under the current law most organisations holding and processing personal data (including employers) rely on the consent of the individual to do so (you will see wording to this effect in most employment contracts).
Although consent can still be relied on under the GDPR, it will be more difficult to rely on and can be revoked by the employee at any point. Therefore, it is recommended that employers rely on different lawful reasons for processing personal data going forward. The key ones for HR purposes are:
Our next article will cover this in more detail.
The GDPR strengthens the law on informing individuals about why and how their data will be processed and what their rights are. Privacy notices must be:
Our third article will explain what a privacy notice should contain.
Employees are already allowed access to their personal data by making a subject access request but the GDPR changes the rules in relation to responding to a request.
From 25th May, employers will no longer be able to charge an employee for responding to a request and will only have one month to comply (currently 40 days).
Our fourth article will explain how employers should deal with subject access requests.
The GDPR introduces a new requirement for organisations to demonstrate how they are complying with their data protection responsibilities – previously action was only taken where there had been an actual breach.
Therefore employers will need to be able to show what measures they are taking to protect and properly process employee information.
Our final article will provide a strategy for doing just this.
By Guy Woodcock