We are experienced in advising on the employment aspects of Data Protection and the UK GDPR.
Following the introduction of the EU GDPR and the Data Protection Act 2018, the obligations upon employers and rights of employees with regard to the processing of data changed significantly, meaning that nearly all employment contracts and data protection policies issued prior to 2018 may not be compliant with the GDPR.
In particular employers should be aware that by keeping records of their employees’ sickness absence or ethnic background, they will be processing sensitive personal data, which then engages further requirements under GDPR. We have considerable experience in assisting employers to comply with their many obligations in this complex and confusing area
We advise on:
- Reviewing or drafting compliant contracts of employment
- Drafting data protection policies, privacy notices and data processing records
- The impact of GDPR on the workplace, including the monitoring of employee communications and the use of CCTV
- The GDPR implications of asking employees about the COVID vaccination status
- Drafting policies addressing the use of the internet, IT systems and social media by employees
- Disciplinary issues arising out of the misuse of social media, email and IT systems by employees
- The rights of employees under GDPR, including the right to make a data subject access request (DSAR)
- The obligations of an employer with regard to data subject access requests and how to deal with such requests