Getting ready for GDPR
- Date: Monday 25th September 2017
- PDF: Download
Over the coming months in the lead up to the arrival of the General Data Protection Regulation (GDPR), which comes into effect in May 2017, we will be posing and answering some key questions.
This month we ask:
“What information must employers supply to employees about the processing of their personal data under the General Data Protection Regulation?”
The Regulation requires employers to provide employees (and other data subjects, such as job applicants) with an information notice, also known as a privacy notice or fair processing notice. The notice will set out information about the processing of an employee’s personal data.
The employer must provide this notice when it collects personal data from the employee or uses the personal data for a new purpose. The information that the employer must provide under the GDPR is more detailed than that currently required under the Data Protection Act 1998.
The privacy notice must include:
- The identity and contact details of the employer as the data controller
- The Data Protection Officer’s contact details if the organisation has one
- The purpose for which the data will be processed
- The recipients of the data
- Details of any data that will be transferred outside the EEA (European Economic Area)
- The duration for which the data will be stored
- The employee (data subject) right to request to: access, rectify, erase, restrict or object to the processing of data
- Where the legal basis for processing is consent, the right to withdraw consent at any time
- The right to lodge a complaint with the supervisory authority
- Whether or not the provision of personal data is a statutory or contractual requirement
- The existence of any automated decision-making
Source: Gavin Parrott, SSG