The General Data Protection Regulation – GDPR – came into force on 25 May 2018. The key changes for employers concern consent, subject access requests, and automated decision making. The GDPR requires employers to obtain a higher standard of consent from individuals to their personal data being processed. Subject access requests (where an employee requests information, e.g. from their HR files) will need to be completed within one month, rather than the current 40 days.
The regulation also introduces a new right for individuals not to be subject to decisions based solely on automated processing that may have a damaging impact on them, whether legally or otherwise, for example recruitment decisions. Such decisions should have human intervention.
We recommend that clients:
1. Audit how they use employee data
2. Review their policies for handling data
3. Consider who in the organisation has responsibility for data and ensure they are trained appropriately
4. Review their contractual wording to ensure that it is in line with the requirements of the GDPR.
5. Ensure their Staff Handbooks contain Data Protection and Privacy Policies. They should also have Subject Access Request Policies.
For assistance regarding compliance with the GDPR please contact Susie Kaye via firstname.lastname@example.org
This post was written by SKHR