What information must be provided to employees and job applicants under GDPR?
In the next in our series of blogs covering an employer’s obligations under GDPR, we now explore the information which must be provided to employees and job applicants in relation to their personal data:
Under GDPR, the information which must be provided to employees and job applicants will be more detailed than the requirements under the current data protection regime. This information must include clear and transparent details about how the individuals’ personal data is being proposed and the reasons for such processing.
The most appropriate way to provide this information will likely be by way of a Privacy Notice, issued or made available to all employees and job applicants in advance of the processing taking place. The Privacy Notice would typically include:
- the identity and details of the employer as the data controller;
- the identity of any Data Protection Office (DPO) who the employer may appoint;
- the purposes for which personal data is being processed;
- the legal basis upon which the data is being processed, including any legitimate interests being relied upon;
- the categories of personal data being processed;
- the recipients of any data;
- whether any personal data is being transferred outside of the EEA;
- the period for which it is proposed the personal data will be stored;
- details of the data subjects’ rights, including the right to be forgotten, access their personal data, rectify any mistakes within the data and the right to object to the data processing in certain circumstances.
If you need any assistance preparing a Privacy Notice or auditing your data processing activities, please get in touch with the employment team at MLP, who will be able to guide you through the process.
We will also be discussing the obligations of employers in relation to notifying employees and job applicants of their data processing activities at our seminar on the implications of GDPR on HR. The seminar is taking place at our offices in Altrincham on Wednesday 21 March 2018, from 8.30am until 10.30am. If you would like to attend, please contact us at email@example.com to secure your place.