General Data Protection Regulation: What the Changes Mean for Employers

03 Jul 2017

In May 2018, the new General Data Protection Regulation will be introduced in the UK, making significant changes to the way that employers handle their employees’ data. Here, we take a look at what employers need to know.

Current Data Protection Law

The Data Protection Act 1998 (DPA) currently sets out what information is classed as ‘data’ and how employers should manage the ‘personal and sensitive data’ of their employees. It is intended to ensure data about individuals is not used in an unfair and unlawful way. It also provides a mechanism for employees to see the data that their employer holds on them, i.e. a Subject Access Request.

General Data Protection Regulation

This will build on current legislation and provide more protection for consumers and more privacy considerations for organisations. It will put the onus on companies to change their “entire ethos” on data protection, with the main focus on increased accountability and transparency in how organisations hold data.

Main Changes

  • Employee consent to their employer processing their data will need to be informed, freely given and specific. Employee handbooks will need to be reviewed in this regard;
  • Data protection risk assessments are likely to be required when carrying out a new project or implementing a new system;
  • When responding to a Subject Access Request, employers will no longer be able to charge the employee a fee for gathering the information unless the request is manifestly unfounded or excessive, in which case a “reasonable fee” can be applied. The information will have to be provided without delay and within one month at the latest (currently a 40-day limit applies);
  • Individuals will have new rights to have data corrected, to restrict how it is used and to be ‘forgotten’;
  • Data processors will no longer need to inform the Information Commissioner’s Office annually of data processing activities. Instead there will be increased record keeping requirements;
  • Maximum fines for very serious instances of non-compliance will increase from £500,000 to £20 million or 4% of an organisation’s worldwide annual turnover, whichever is the higher.

Croner Tips

  • The Government will be given some leeway to make its own law on data protection so employers should continue to keep an eye on developments in this area;
  • With maximum fines increasing so significantly, employers must be sure they are comfortable with the changes. The starting point is likely to be a review of all data protection documentation in place to ensure it remains valid.
