Are you aware of how the new General Data Protection Regulation (GDPR) will affect you and your employees? Employers must comply with the new European legislation that will be taking effect from May 2018, if your company doesn’t comply, you could be facing some pretty hefty fines!
What is the GDPR?
The GDPR will replace the existing legislation for the protection of personal data: the Data Protection Act 1998 which is considered to be in need of desperate updating. Many consider this one of the most important changes in data protection over the past 20 years, especially with the advancement of the internet and the ways in which technology has changed our entire experiences with data. Did you know, in 1998 Google hadn’t even launched as a search engine in the UK yet, that’s how out of date the Data Protection Act is! The GDPR will be in place from May 2018 and its new rules are complex, leaving quite a tight timescale for employers to implement new changes to avoid potential claims and fines.
What is personal data?
Your staff’s personal data is any data by which they may be identified from emails to documents or HR records which include their name, address or email address. As an employer, you are highly likely to be storing and processing the personal data of your staff and the GDPR aims to give greater accountability to how personal data is used. In addition to personal data, most employers will also store sensitive personal data which includes information on their health, race, religion as well as sexual orientation, this sensitive data will be subject to higher protections.
If you fail as an employer to implement GDPR, the fines are harsh and are out to prove that the GDPR is not an option but a necessity. A failure to fulfil the new obligations could result in fines to the maximum of €20 million for the largest employers or 4% of worldwide turnover, whichever is higher. Fines for small to medium sized companies are also likely to be staggering to ensure that the GDPR is given the highest level of consideration within your organisation.
The GDPR is a piece of European legislation which will apply across the entire EU and will come into effect before the proposed Brexit will take place. The UK government has confirmed that the UK will be implementing GDPR fully into UK law and has been stated as being essential by legal advisors if we wish to trade at all with the rest of Europe.
Consent and your staff rights
At present, many employers will only have a standard clause in their employment contracts that gives the employee’s consent to store and process their personal data. However, this has been criticised and under the new GDPR laws, consent must be informed, freely given, specific and unambiguous. Therefore, the standard clause that is currently being used that employees are obliged to sign will not be good enough under GDPR. The GDPR will significantly enhance the rights of employees and as ‘data subjects’, they will be give more information on how and why their data will be processed. In addition, there will be a new right ‘to be forgotten’ where employees can require you to remove their personal data from your records in certain circumstances.