GDPR: change how you process staff data

  • Data Protection
Peninsula Logo

Peninsula Group, HR and Health & Safety Experts

(Last updated )

Read our article: 'GDPR: change how you process staff data'. Contact us today for more information about our Employment Law, Health & Safety, and HR services.

General Data Protection Regulation (GDPR) is on its way, bringing big changes that come into effect on 25th May 2018. In particular, one will be choosing a legal ground to process staff’s personal data. So what does that mean in practice? Based on the current draft guidance, here we break it down for you. Getting consent from staff Pre-GDPR, getting staff consent to process personal information has been easy: add a catch-all clause in the contract or the company handbook, get them to sign it, get consent. Job done. That won’t be good enough anymore. GDPR states that your employees’ consent to data processing must be “freely given, specific, informed and unambiguous.” You must be clear and specific when getting the consent because your people must understand what they’re agreeing (or disagreeing) to. And remember, staff can withdraw consent at any time. When consent alone isn’t enough The Information Commissioner’s Office (the ICO) says that if you can’t give people a genuine choice in how you process their data, their consent is worthless. To explain further, if there’s a “clear imbalance” in the relationship between the data controller (most likely you) and the data subject (your employee), the consent isn’t reliable. Your staff may argue they felt forced into giving their consent because they feared losing their jobs. For example, say you want to start monitoring people at work. Your employees may agree because they feel like they have no other choice. That isn’t someone who freely gives you their consent. 3 more legal grounds to process data

  1. Performance of a contract, g. you’ll still need your employees’ bank details to pay them for the contractual work they do for you.
  2. Comply with legal obligations, g. the law may say you have to check criminal records.
  3. Legitimate interest. You must balance your legitimate business interests (most likely commercial benefit) with staff interests. A good example is privacy rights.

Monitoring employees’ email data could be a legitimate interest to make sure people are working. But you’ll have to prove it’s legitimate, and the data you store must be necessary and proportionate. 3 ways you must prepare

  1. Review how and where you process staff data and identify any legal basis for it.
  2. When you rely on staff consent, think about any processes you’ll need in place if someone withdraws consent.
  3. Assess whether you have the right balance between legitimate interest data processing and your employees’ rights. Think about how to avoid breaching anyone’s rights.

Bio: Alastair Brown is Chief Technical Officer of people management software company, BrightHR.

FAQs

Got a question? Check whether we’ve already answered it for you…

Related articles

  • How have you used AI in your workplace to date?

    Blog

    UK SMEs Tackle with Growing AI Risks: Survey Highlights Rising Concerns

    A recent global survey has revealed a dramatic increase of concern among UK Small and Medium-sized Enterprises (SMEs) regarding the risks associated with artificial intelligence (AI).

    Peninsula TeamPeninsula Team
    • Business Advice
  • right to disconnect

    Blog

    Are you ready? A new right to disconnect may be on the way

    A spokesperson from Downing Street has commented that the right to switch off from work is key to productivity. It could, it is hoped, boost economic growth in the UK and was part of Labour’s pre-election Plan to Make Work Pay.

    Peninsula TeamPeninsula Team
    • Employment Law
  • new law on tips

    Blog

    Top tips on the new tips law

    Change is on the way for employers that receive tips from customers; from 1 October 2024 the new tips law will require ‘qualifying tips’ to be fairly allocated to workers. It also places several other requirements on employers who deal with tips, so to help you understand the new obligations and what you need to do to prepare, here are our top tips on the new tips law.

    Peninsula TeamPeninsula Team
    • Employment Law
Back to resource hub

Try Brainbox for free today

When AI meets 40 years of Peninsula expertise... you get instant, expert answers to your HR and Health & Safety questions

Sign up to our newsletter

Get the latest news & tips that matter most to your business in our monthly newsletter.