Exactly one year from today, Brexit notwithstanding, the EU General Data Protection Regulation comes into effect. This is aimed primarily at commercial progressing of customer data but still has significant ramifications for HR’s handling of employee data. Compliance with the Data Protection Act as it stands will not be enough to protect against breaches of the GDPR, and the new law will represent fertile ground for employees looking to blow the whistle on something. The numbers being waved around as possible fines are enormous, but even though we think they will be the tiny exception rather than the rule, this isn’t an area for HR to treat casually.
To mark the occasion of just a year to go, our Global IP and Privacy blog has today posted the first in a series of pieces on the GDPR, written with an employer focus. A year may seem an eternity away but ensuring that you are squeaky clean by next May can entail a lot of work before then. So click here to read today’s piece on subject access requests and the position under the GDPR and please do keep an eye on Employment Law Worldview and the IP & Privacy Blog for future posts in this series. These which will include guidance on your employees’ new rights to access personal data, rights to data portability, to rectify and delete data and to restrict processing.
If you have any questions about what your organisation should be doing to ensure compliance with the GDPR, please speak to your usual Labour & Employment contact or a member of our global Data Privacy & Cybersecurity team.