GDPR - it's happening.
Is your business ready?
The General Data Protection Regulation (GDPR) comes into force on 26th May, 2018. It replaces the current legislation, the Data Protection Act (DPA). Companies that fail to comply with the new rules will face fines of up to €20M, or 4% of global annual turnover. These rules relate to storing and handling personal data.
GDPR requires employers to provide employees (and job applicants) with an information notice, also known as a privacy notice or a fair processing notice. This sets out specified information about the processing of their personal data.
What information must employers supply to employees about the processing of their personal data under the General Data Protection Regulation (GDPR)? A privacy notice must include numerous things, including:
the identity and contact details of the employer as the data controller;
the purposes for which the data will be processed and the legal basis for processing;
the period for which the data will be stored, or if it is not possible to specify the retention period, the criteria used to determine the period;
the employees’ rights to request access to, rectification or erasure of data; to request restriction of processing; or to object to processing;
where the legal basis for processing is consent, the right to withdraw consent at any time;
the right to lodge a complaint with the supervisory authority;
whether or not the provision of personal data is statutory or contractual.
Employers need to review how they collect, hold and process personal data, and how they communicate to others about their activity.
For further information on GDPR or any other employment-related matter, contact Nichola Coulthard on 07946 541606 or at nichola@coulthardhr.co.uk. www.coulthardhr.com
Coulthard Human Resources helping businesses become amazing employers