Make a free enquiry – Call now 0151 453 6705

or email info@threegraceslegal.co.uk

GDPR AND HR

From the 25th May 2018, to avoid the risk of breaching the General Data Protection Regulation, employer’s are obligated to take on new responsibilities, as well as updating their contracts, policies and procedures, in order to maintain compliance under the GDPR requirements.

This means employer’s must:

 Review employment contracts and consent forms

 

Introduce or update their data protection policy.

Employees should also undertake training alongside reviewing the data protection policy in order to maintain compliance.

 

Include the new data rights for employees including clear guidelines.

These rights must be stated clearly in the employee contract, and not hidden by employers.

In order to facilitate these rights, an employer must have a clear processing system in place. Therefore, it is vital that existing procedures are reviewed, in order to establish its efficiency to accommodate the new employee rights.

For example:

If an employee asks you to delete personal data, can you locate and delete this data easily and efficiently?

Or you receive a data portability request, are you able to deliver data in a structured and machine readable format?

Employers should also implicate data protection operating, audit and record systems, including details such as the logistics of training, staff processing, and regular compliance checks including the use of privacy impact assessments and privacy by design.

 

Provide details regarding Subject Access Requests (SAR)

 

Provide details of the organisation’s nominated Data Protection Officer (DPO)

 

Include information regarding the international transfer of data

Leave a Reply

Your email address will not be published. Required fields are marked *