UK GDPR and the Data Protection Act 2018 apply to every organisation that processes personal data. No exemptions, no minimum size threshold, if you hold data on employees, customers or candidates, the rules apply to you.

Here are the key things to have on your radar:

• Employees must give consent for their personal data to be processed.

• Employees have the right to make a Subject Access Request to view all information held on them by their employer.

• You must seek permission from an employee before requesting medical documents from their GP or specialist, under the Access to Medical Reports Act 1988.

• Be careful using social media information when recruiting. Only use it if there is a clear reason to do so and give the candidate the opportunity to respond to anything relevant.

• Data can be shared with third parties such as the police where it relates to an ongoing crime or possible fraud.

• The fine for a serious breach is up to £17.5 million or 4% of annual global turnover, whichever is higher. That is not a risk worth taking.

  
  

A clear, well-communicated data protection policy is not just good practice, it is a legal requirement.

How Lansbury HR can help

We can help you put the right policies in place and make sure your team knows what is expected of them. Get in touch to find out more.

#DataProtection #UKGDPR #HRCompliance #UKEmploymentLaw #HRSupport #SmallBusiness #LansburyHR