Data Protection

Andrew Willis

01 Nov 2019

While members of the public may have access to certain information, other information is confidential and protected by the Data Protection Act 2018.

The Act was set up as a way to protect the confidentiality of the personal information your organisation collects. Together with the General Data Protection Regulation (GDPR), it forms the basis for how you’ll collect, process and store confidential information.

In this piece, we’ll explore the current legislation and highlight the seven guiding principles of data protection. There’s also a template as guidance for creating your policy.

 

What is data protection?

It’s the system in place that aims to safeguard personal information from compromise, be it through corruption, theft or loss.

As an employer, you have a legal obligation of transparency when it comes to how you’ll process, use and store the information you collect.

It’s important to ensure the workforce operates in a way that complies with these laws.

 

What is the Data Protection Act?

In May 2018, the government enacted an update to the Data Protection Act 1998 to control how business and government institutions use personal information and to include wording related to the General Data Protection Regulation (GDPR).

According to the Data Protection Act 2018, your employees have the right to know:

  • What data you hold about them.
  • How you use the information.

Employees also have a right to:

  • Update incorrect data.
  • Have their data removed.
  • Restrict or stop the processing of data.
  • Object to how you use their data.
  • Obtain and re-use their data for a different purpose.

If you receive a request regarding personal information, you’ll have one month to provide access to this information.

When addressing complicated or multiple requests, you can take a further two months to provide it.

There are also instances when you can withhold information from employees or clients. Examples include when the information relates to:

  • The prevention, detection or investigation of a crime.
  • National security.
  • The assessment or collection of taxes.
  • Judicial or ministerial appointments.

In certain circumstances, you’re required to complete a Data Protection Impact Assessment (DPIA) to help you identify and minimise the risks to data protection during a project. This includes:

  • Where the type of data processing you carry out is likely to result in a high risk to the rights and freedoms of others.
  • Where you carry out systematic and extensive profiling with significant effects.
  • Where there is large scale use of special categories of data (previously known as sensitive data).

In it, you’ll:

  • Describe the nature, scope, context and purpose of the processing.
  • Assess the necessity, proportionality and compliance measures in place to identify risks.
  • Identify and assess the risk to individuals.
  • Explore additional measures and support to mitigate the above risks.

Data protection principles

Article five of the GDPR sets out seven key principles that lie at the heart of your approach to the processing of personal data.

Rather than providing hard and fast rules relating to GDPR, these principles embody the general spirit of the legislation on which you base your approach to data protection. Principles include:

  1. Lawfulness, fairness and transparency.
  2. Purpose limitation.
  3. Data minimisation.
  4. Storage limitation.
  5. Integrity and confidentiality (security).

Data protection breach examples

You’ll need to be able to recognise breaches of the regulations in place to protect data.

Examples of data protection breaches in the workplace include:

  • Loss or theft of physical notes, computers, mobile devices or USB drives.
  • Unauthorised individuals gaining access to the company’s computer, email account or computer network.
  • A break-in where individuals gain access to personnel information in unlocked storage.
  • An employee copying contact lists for their personal use.

Data protection policy template

There’s a free sample data protection policy you can refer to when producing your policy.

This sample provides you with information relating to the data protection principles, procedures and disclosures, as well as your commitment to data protection within all aspects of your business.

 

Expert support

If you have any further questions relating to data protection or GDPR, speak to a Croner expert on 0808 145 3380.

About the Author

Andrew Willis

Andrew Willis is the senior manager of the Litigation and Employment Department and assumes additional responsibility for managing Croner’s office-based telephone HR advisory teams, who specialise in Employment law, HR and Commercial Legal advice for large organisations across the United Kingdom.
