This briefing is the second in our multi-disciplinary GDPR series which aims to help you successfully navigate the GDPR as 25 May 2018 approaches. Here we place the spotlight on key compliance considerations in the employment sphere.
Data is ubiquitous in the employment context: it is processed from the point at which a job application or CV is received if not before (such as profiling of potential candidates through LinkedIn, for example), right through to beyond the termination of employment (for example when references are given). The employer will handle "core" categories of employee data on an employee's personnel file (for example, their address, national insurance number, performance appraisals, grievance and disciplinary records), but also data generated and processed in the context of pension schemes and share plans, as well as in liaising with third party providers such as insurers, payroll providers and occupational health professionals. It is worth noting that whilst we refer to "employees" in this briefing, the contents apply equally to employees, workers and self-employed contractors.
In particular, we consider some of the key requirements of the GDPR in the employment context, together with practical tips on how to implement the required changes.
Please read our full briefing for more on the following issues:
- Identifying a legal basis for processing employee data;
- Employee rights under the GDPR;
- How to transition to the new regime;
- Sensitive personal data;
- Monitoring and profiling; and
- Training and awareness.
The contents of this publication, current at the date of publication set out above, are for reference purposes only. They do not constitute legal advice and should not be relied upon as such. Specific legal advice about your specific circumstances should always be sought separately before taking any action based on this publication.
© Herbert Smith Freehills 2019