GDPR: change how you process staff data

  • Data Protection
Peninsula Logo

Peninsula Group, HR and Health & Safety Experts

(Last updated )

Read our article: 'GDPR: change how you process staff data'. Contact us today for more information about our Employment Law, Health & Safety, and HR services.

General Data Protection Regulation (GDPR) is on its way, bringing big changes that come into effect on 25th May 2018. In particular, one will be choosing a legal ground to process staff’s personal data. So what does that mean in practice? Based on the current draft guidance, here we break it down for you. Getting consent from staff Pre-GDPR, getting staff consent to process personal information has been easy: add a catch-all clause in the contract or the company handbook, get them to sign it, get consent. Job done. That won’t be good enough anymore. GDPR states that your employees’ consent to data processing must be “freely given, specific, informed and unambiguous.” You must be clear and specific when getting the consent because your people must understand what they’re agreeing (or disagreeing) to. And remember, staff can withdraw consent at any time. When consent alone isn’t enough The Information Commissioner’s Office (the ICO) says that if you can’t give people a genuine choice in how you process their data, their consent is worthless. To explain further, if there’s a “clear imbalance” in the relationship between the data controller (most likely you) and the data subject (your employee), the consent isn’t reliable. Your staff may argue they felt forced into giving their consent because they feared losing their jobs. For example, say you want to start monitoring people at work. Your employees may agree because they feel like they have no other choice. That isn’t someone who freely gives you their consent. 3 more legal grounds to process data

  1. Performance of a contract, g. you’ll still need your employees’ bank details to pay them for the contractual work they do for you.
  2. Comply with legal obligations, g. the law may say you have to check criminal records.
  3. Legitimate interest. You must balance your legitimate business interests (most likely commercial benefit) with staff interests. A good example is privacy rights.

Monitoring employees’ email data could be a legitimate interest to make sure people are working. But you’ll have to prove it’s legitimate, and the data you store must be necessary and proportionate. 3 ways you must prepare

  1. Review how and where you process staff data and identify any legal basis for it.
  2. When you rely on staff consent, think about any processes you’ll need in place if someone withdraws consent.
  3. Assess whether you have the right balance between legitimate interest data processing and your employees’ rights. Think about how to avoid breaching anyone’s rights.

Bio: Alastair Brown is Chief Technical Officer of people management software company, BrightHR.


Got a question? Check whether we’ve already answered it for you…

Related articles

  • Tackle tax evaders


    Labour promises £555m tax crackdown if elected

    Shadow Chancellor Rachel Reeves plans a crackdown on tax evasion if Labour wins the election with proceeds to fund more GP and dentist appointments, and schools

    Peninsula TeamPeninsula Team
    • Business Advice
  • New employment laws


    70% of employers not aware of new flexible working rules

    Are you up to speed on recent changes to your employees’ rights? Many employers are not prepared

    Peninsula TeamPeninsula Team
    • Employment Law
  • gavel on books


    A word from our founder: Are you ready for April's law changes?

    New rules and employment rights are already in effect this month. And this includes changes to statutory rates, flexible working, redundancy rights, holidays, and more…

    Peter DoneGroup Managing Director and Founder
    • Employment Law
Back to resource hub

Try Brainbox for free today

When AI meets 40 years of Peninsula expertise... you get instant, expert answers to your HR and Health & Safety questions

Sign up to our newsletter

Get the latest news & tips that matter most to your business in our monthly newsletter.