GDPR: change how you process staff data

  • Data Protection
Peninsula Logo

Peninsula Group, HR and Health & Safety Experts

(Last updated )

Read our article: 'GDPR: change how you process staff data'. Contact us today for more information about our Employment Law, Health & Safety, and HR services.

General Data Protection Regulation (GDPR) is on its way, bringing big changes that come into effect on 25th May 2018. In particular, one will be choosing a legal ground to process staff’s personal data. So what does that mean in practice? Based on the current draft guidance, here we break it down for you. Getting consent from staff Pre-GDPR, getting staff consent to process personal information has been easy: add a catch-all clause in the contract or the company handbook, get them to sign it, get consent. Job done. That won’t be good enough anymore. GDPR states that your employees’ consent to data processing must be “freely given, specific, informed and unambiguous.” You must be clear and specific when getting the consent because your people must understand what they’re agreeing (or disagreeing) to. And remember, staff can withdraw consent at any time. When consent alone isn’t enough The Information Commissioner’s Office (the ICO) says that if you can’t give people a genuine choice in how you process their data, their consent is worthless. To explain further, if there’s a “clear imbalance” in the relationship between the data controller (most likely you) and the data subject (your employee), the consent isn’t reliable. Your staff may argue they felt forced into giving their consent because they feared losing their jobs. For example, say you want to start monitoring people at work. Your employees may agree because they feel like they have no other choice. That isn’t someone who freely gives you their consent. 3 more legal grounds to process data

  1. Performance of a contract, g. you’ll still need your employees’ bank details to pay them for the contractual work they do for you.
  2. Comply with legal obligations, g. the law may say you have to check criminal records.
  3. Legitimate interest. You must balance your legitimate business interests (most likely commercial benefit) with staff interests. A good example is privacy rights.

Monitoring employees’ email data could be a legitimate interest to make sure people are working. But you’ll have to prove it’s legitimate, and the data you store must be necessary and proportionate. 3 ways you must prepare

  1. Review how and where you process staff data and identify any legal basis for it.
  2. When you rely on staff consent, think about any processes you’ll need in place if someone withdraws consent.
  3. Assess whether you have the right balance between legitimate interest data processing and your employees’ rights. Think about how to avoid breaching anyone’s rights.

Bio: Alastair Brown is Chief Technical Officer of people management software company, BrightHR.

FAQs

Got a question? Check whether we’ve already answered it for you…

Related articles

  • polling station

    Blog

    What could a general election mean for employment law?

    Here's what the big three have each vowed to do should they come away with an election win.

    Peninsula TeamPeninsula Team
    • Employment Law
  • NIC

    Blog

    Conservatives plan NICs abolition for self employed

    After a difficult week, PM Rishi Sunak has set out a raft of tax measures at the Conservative manifesto launch with plans to abolish main NICs rate for four million self employed workers

    Peninsula TeamPeninsula Team
    • Employment Law
  • Global survey results

    Blog

    UK Lagging in Mental Health Conversations: A Wake-Up Call for Employers

    The UK is diverging from this global trend, with a 4% decrease in employees speaking out about mental health issues.

    Peninsula Team Peninsula Team
    • Business Advice
Back to resource hub

Try Brainbox for free today

When AI meets 40 years of Peninsula expertise... you get instant, expert answers to your HR and Health & Safety questions

Sign up to our newsletter

Get the latest news & tips that matter most to your business in our monthly newsletter.