Do employment contracts need amending under GDPR?

Peninsula Group, HR and Health & Safety Experts

The implementation of the EU’s General Data Protection Regulation (GDPR) from 25th May 2018 has raised a number of administrative concerns from employers who are seeking full compliance with new data laws, especially due to the significant increase in penalties for non-compliance. A common question is whether GDPR requires contracts of employment to be amended.

With existing employees, each contract of employment is likely to make reference to processing of information under the Data Protection Act or outline that the employee provides their consent for various forms of data processing. Under GDPR, these blanket consent clauses are likely to be unenforceable due to the requirement for consent to be unambiguous, specific, informed and freely given.

Rather than update each existing contract, employers can instead issue a GDPR-compliant privacy notice to employees. The notice is used as a method of meeting the individual’s right to be informed and will also supersede any invalid and outdated clauses in the contract. The notice provides the employee with information about how their data is processed, including specifying the lawful bases for processing, whether data is shared, how long data will be retained for and the employee’s rights in relation to their personal data.

Where new employees are issued contracts from the date of implementation, these can be updated versions in line with GDPR. The privacy notice should still be given to the employee, however, as this is a simple way of providing the employee with full advice and guidance about what GDPR means for them and their personal data within the business.

Alongside employment contracts, most employee handbooks will contain specific references to data protection rules and legislation. Additionally, a data protection policy may be in place to outline the current processes and procedures about the business’s use of data.

Handbooks will need to be updated, either through inputting amendments into the existing handbook, creating new policies and clauses, or using a variation of terms letter to outline where specific wording or clauses are being overwritten. Once updated, the handbook needs to be reissued to all members of staff to ensure they have accessed and read the most up-to-date version. Making a formal note of the date this occurs and to whom the handbook is provided will be useful evidence if a dispute crops up in the future. Having each employee sign a notice stating they have received, read and understood each version of the handbook will also be a useful, although administratively burdensome, record.


© 2023 Peninsula Business Services Limited. Registered Office: The Peninsula, Victoria Place, Manchester, M4 4FB. Registered in England and Wales No: 1702759. Peninsula Business Services Limited is authorised and regulated by the Financial Conduct Authority for the sale of non-investment insurance contracts.