TGDPR: Do employers need to update their data protection policies to make them GDPR compliant?
With the General Data Protection Regulation (GDPR) applying from 25 May 2018, our employment lawyer Charlotte Beeley shares with you some important information regarding the new regulations;
As part of our series of short blogs about the General Data Protection Regulations and what impact they will have on employers, we look at whether employers need to update their data protection policy.
We recommend that employers review the documents they have in place in relation to data protection. It is likely that any existing data protection policies has been drafted with employer’s obligations under the Data Protection Act 1998 in mind and therefore, will need updating or replaced.
We would recommend the following:
used to notify employees, workers and contractors about the personal data that you hold relating to them, how they can expect their personal data to be used and for what purposes.
to be used in place of a Data Protection Policy to set out the principles and legal conditions that you must satisfy when obtaining, handling, processing, transporting or storing personal data in the course of your operations and activities, including customer supplier and employee data.
Record of Processing Activities
to be used as a record of processing activities, including customer, supplier and employee data.
Data Protection Impact Assessment
to be used to evaluate the potential impact of high risk data processing activities, as required under Article 35 GDPR.
Our employment experts can assist with the review of your existing documents and replacing them with GDPR compliant documents.
MLP Law Limited
7 Market St,
Contact: Charlotte Beeley
Successful outcomes for you and your business