Law firm Blake Morgan has launched a new and updated guide, We Mean Business: Counting Down to the GDPR, which includes practical and specialist guidance to help employers achieve compliance over the next few months.
The new guide comes after a survey by Blake Morgan revealed nine out of 10 businesses had still not made crucial updates to their privacy policies, a key requirement of GDPR for handling employee data.
Under the GDPR, employees as data subjects will have greater rights than they do under the current UK Data Protection Act (DPA) 1998. The regulations present employers with a number of important changes concerning both the way they handle information about their employees and what they tell employees about the information they store.
Mike Wilson, Managing Partner and an employment specialist at Blake Morgan, said, “GDPR raises the bar significantly from existing legislation in terms of giving employees greater rights, and compliance is likely to require a practical, cultural and structural shift in the majority of businesses and organisations.
“Compliance may seem like a mountain to climb, but the long-term payoff for employers will be considerable. It presents a real opportunity for employers to transform traditionally closed processes into more meaningful engagement with staff around things like employee performance and development.”
The main changes HR professionals will need to address are:
- Issuing job applicants and employees with a privacy notice detailing what type of information about them is/will be stored, on what legal basis, and what their rights are in relation to that information. Employers should be doing something similar already, but under the GDPR it will need to be a lot more detailed.
- Making sure that, as an employer, they do not in general rely on consent as a basis for lawful processing. This will mean changing general data protection consent forms, application forms, and contracts.
- Training staff on the significant changes to employees’ rights in relation to accessing their information, asking for it to be rectified, deleted or restricted, or objecting to the employer using or storing the information.
- Working more closely with IT teams on understanding what information is stored and used, and considering the wide range of digital information held on employees, including activity on work IT systems, mobile devices, vehicles, CCTV and wearable technology.
- Appointing a Data Protection Officer (DPO) if they are a public authority. Any organisation can appoint a DPO, but all employers must ensure that they have sufficient staff and skills to discharge their obligations under the GDPR.
Blake Morgan’s data protection, regulatory and employment experts are available to answer questions from organisations about GDPR at GDPR@blakemorgan.co.uk
To download a free copy of the guide, visit www.blakemorgan.co.uk/GDPR