GDPR: Do employers need to update their data protection policies to make them GDPR compliant?
As part of our series of short blogs about the General Data Protection Regulations and what impact they will have on employers, we look at whether employers need to update their data protection policy.
We recommend that employers review the documents they have in place in relation to data protection. It is likely that any existing data protection policies has been drafted with employer’s obligations under the Data Protection Act 1998 in mind and therefore, will need updating or replaced.
We would recommend the following:
Privacy Notice – used to notify employees, workers and contractors about the personal data that you hold relating to them, how they can expect their personal data to be used and for what purposes.
Privacy Standard – to be used in place of a Data Protection Policy to set out the principles and legal conditions that you must satisfy when obtaining, handling, processing, transporting or storing personal data in the course of your operations and activities, including customer supplier and employee data.
Record of Processing Activities – to be used as a record of processing activities, including customer, supplier and employee data.
Data Protection Impact Assessment – to be used to evaluate the potential impact of high risk data processing activities, as required under Article 35 GDPR.
Our employment experts can assist with the review of your existing documents and replacing them with GDPR compliant documents.
GDPR is going to have a huge impact on the data stored and processed by employers about their employees and job applications. If you would like to attend one of our free GDPR: What are your obligations as an employer? Seminars, please contact us on firstname.lastname@example.org or call us on 0161 926 9969 to sign up.