The General Data Protection Regulation (GDPR) came into effect on Friday 25th May 2018. There was a massive amount of publicity around this subject with most of it relating to the processing of personal data held about customers or potential customers. But GDPR has a significant impact on businesses that employ people, including workers and consultants who work for the business.
A great deal of what a business does in relation to its employees involves the processing of personal data: background checks, contracts of employment, disciplinary proceedings, grievance proceedings, annual reviews, payroll, benefits, training, sickness procedures and health records, monitoring performance, CCTV images of employees, clocking in and out, security checks, files notes, minutes of meetings, emails referring to employees (even indirectly). All of these will involve the processing of personal data, and so GDPR applies.