Employers have substantial responsibilities regarding the processing and storage of their employees’ personal data. To maintain compliance with the UK GDPR, employee data must be processed in accordance with data protection principles.
When managing your employee data, you should consider:
- what data do you hold about your employees and is it treated as personal or special category data?
- what is your lawful basis for holding and using employee data?
- is there data you need to manage more actively than at present or even delete?
- do you have the resources to deal with subject access requests from employees or other individuals?
- does your organisation need a data protection officer?
It is important to process and manage data in a way that allows you to manage employees effectively, while also balancing their data protection rights.
You should also ensure your employees understand and are properly trained on how they should handle the personal data of your customers and other business contacts. We can guide you through how to manage a review of your data protection practices and the training you offer your employees.
If your employees, volunteers or any other members of your team do not comply with the rules set out by the UK GDPR, you might find yourself liable for a substantial fine. We can offer you clear and practical advice on what to do and who to notify if your staff has breached the data protection rules.
In advising you on the data protection regime, our lawyers will always emphasise the practical – giving your business tailored advice that complies with the law and good practice.