The General Data Protection Regulation (GDPR) came into effect on Friday 25th May 2018. Publicity around this subject centred on the processing of personal data held about customers or potential customers. But GDPR isn't just about mailing lists and customer personal data. GDPR puts data security and privacy of employees' personal data at the forefront of an employer’s consideration. It creates significant rights for employees in relation to their personal data and substantial penalties for an employer who breaks the law.
Businesses hold and process a significant amount of employees' personal data: for background checks, contracts of employment, disciplinary proceedings, grievance proceedings, annual reviews, payroll, benefits, training, sickness procedures and health records, monitoring performance, CCTV images of employees, clocking in and out, security checks, files notes, minutes of meetings, emails referring to employees (even indirectly). All of these will involve the processing of personal data, and so GDPR applies.