Businesses of all sizes should review their data protection policies and practices. In particular, you should consider how you store and use information about your employees and understand your new obligations.
Possible areas to update
When undertaking your review, you should consider:
- what data do you hold about your employees and is it treated as personal or sensitive personal data?
- what is your lawful basis for holding and using employee data?
- is there data you need to manage more actively than at present or even delete?
- do you have the resources to deal with subject access requests from employees or other individuals?
- does your organisation need a data protection officer?
You should also ensure your employees understand and are properly trained on how they should handle the personal data of your customers and other business contacts. We can guide you through how to manage a review of your data protection practices and the training you offer your employees.
If your employees, volunteers or any other members of your team do not comply with the new rules set out by the GDPR, you might find yourself liable for a substantial fine. We can offer you clear and practical advice on what to do and who to notify if your staff has breached the data protection rules.
In advising you on the new data protection regime, our lawyers will always emphasise the practical – helping you manage this complex area in a way tailored to your business that complies with the law and good practice.
