GDPR arrives with us on 25 May 2018. We have already given lots of practical advice for dealing with consumer data but businesses must not forget about employee data.
In GDPR terms, employees are Data Subjects and employers are Data Controllers. As an employer you will collect personal data from your employees (and potential employees), and as such, you need to comply with the requirements set out in GDPR Article 13.
You will need to provide a GDPR Privacy Notice to all staff. The Notice can be sent via email or printed out with payslips or put in the Staff Handbook if you have one. A general Notice on the staff room wall may not suffice as you need to be sure that all employees have seen the information. Going forward, you will need to provide a Privacy Notice to all those who apply for jobs with you as Privacy Notices should be given at the time personal data is obtained.
The Notice you give to job applicants is likely to be different to the Privacy Notice you provide when you actually take someone on. The application Privacy Notice would look something like this:
Lawgistics Limited (Lawgistics) of Vinpenta House, High Causeway, Whittlesey, Peterborough PE7 1AE is the Data Controller. The Director Joel Combes is the Data Protection Officer and can be contacted at [email protected] in regard to any data protection issues.
Lawgistics will only use your application details for the purposes of the recruitment exercise. The data will be processed under the lawful basis of legitimate interests. The legitimate interest being perused by Lawgistics is the consideration of the Data Subject’s application for employment.
The data will not be passed on to any third parties.
Unsuccessful applications will be kept for a period of 4 months unless otherwise advised. Successful applications will form part of an employee file and will be subject to the Employee Privacy Notice which will be provided on appointment.
As a Data Subject you have a number of rights in regard to your personal data and these include the right to request from Lawgistics access to and rectification or erasure of personal data or restriction of processing concerning your data or to object to processing as well as the right of data portability. More information on these rights can found at Information Commisioner’s Office www.ico.org.uk which is the organisation to whom you have the right to make a complaint.”
You are welcome to use the above as a template for your own Notice and members will find an Employee Privacy Notice template in the members area.
A digitalised Employee Privacy Notice will form part of our new HR Manager Portal which is due for release at the Cardealer Expo 2018.