The General Data Protection Regulation (GDPR) came into effect on Friday 25th May 2018. There has been a massive amount of publicity around this subject with most of it relating to the processing of personal data held about customers or potential customers. But GDPR has a significant impact on businesses that employ people, and that includes workers and consultants who work for the business.
When we have conversations about GDPR with organisations and businesses, we talk about the personal data they hold on their own people. We often see the penny drop. GDPR isn't just about mailing lists and customer personal data. GDPR puts data security and privacy of employees’ personal data at the forefront of an employer’s consideration. It creates significant rights for employees in relation to their personal data and substantial penalties for an employer who breaks the law.
It's about knowing what personal data you hold about employees, knowing why you keep it, where you keep it, what you do with it, and providing information to employees about that data.
A great deal of what a business does in relation to its employees involves the processing of personal data: background checks, contracts of employment, disciplinary proceedings, grievance proceedings, annual reviews, payroll, benefits, training, sickness procedures and health records, monitoring performance, CCTV images of employees, clocking in and out, security checks, file notes, minutes of meetings, and emails referring to employees (even indirectly). All of these will involve the processing of personal data. GDPR applies!
As a business, you need to make sure that you comply with GDPR. A sound, effective policy and training are the best ways to achieve this.
We believe in keeping it simple when it comes to policies. That's why we provide organisations with an easy option for complying with their GDPR obligations for employees’ personal data. You can find more information about GDPR and Employee Data in our guide below.