Even before Uber made the headlines (for all the wrong reasons) by covering up a massive data breach, the imminent introduction of the General Data Protection Regulation (GDPR) has made data protection a hot topic.
The GDPR is a brand new regulation which will replace the Data Protection Act with effect from the 25 May 2018. You may have heard some chatter about the more sensational features of the new GDPR, such as more stringent consent requirements for processing of personal data and huge fining powers.
We, at Leathes Prior, prefer to shut out the chatter and take a practical and prepared approach to these upcoming changes. We have therefore prepared a new GDPR-ready data protection clause, which will help employers comply with data protection law both before and after May 2018 in respect of their employees.
The GDPR will introduce stringent new requirements on obtaining consent for processing personal data, and so a general clause in an employment contract requiring an employee to consent to all processing activities is unlikely to be effective. But fear not! Among general changes in terminology, this new clause highlights that, under the GDPR, consent should not be the legal basis used for the processing activities which employers are required to carry out in relation to their employees (such as payroll) – consent is not the only basis for legal processing of personal data when it comes to employees.
Transparency and accountability in data processing are a central feature of the GDPR. Our new data protection clause highlights the need for employees to notify employers of any data breach immediately (such as a lost laptop, missing mobile or even an errant email) so that you can keep accurate records and safeguard your business in the event of a breach.
Of course, employment contracts are only one piece of the puzzle when it comes to complying with the new law. For our part, we are currently in the process of reviewing our Data Protection Policy which will be available soon – so watch this space!
In the meantime, if you have any questions about amending your staff handbook or employment contracts, please contact the Employment Team on 01603 281142.
If you would like advice on the GDPR in relation to your commercial transactions and activities, please contact our Commercial Team on 01603 281165, for a no obligation quote.
Note: the content of this article is for general information only and does not constitute legal advice. Specific legal advice should be taken in any specific circumstance.