Privacy and Data Protection is big news with the GDPR coming into force on 25th May 2018. Not a subject most of us can get too excited about but, with hefty sanctions for non-compliance, it is essential that all businesses are ready for the change.
There are many elements of the GDPR that are the same as the requirements of the Data Protection Act 1998 but it also adds some new things and alters some existing requirements.
As an employer, you will process personal data about your staff, for example, names, addresses, bank details and all those other pieces of factual data that you need. It also includes information such as data about performance, health and behaviour. GDPR applies to the processing of that data.
GDPR means that, as an employer, you will need to give not only more, but more specific, information to your employees about what data you process and why. The new Accountability Principle, means that you will need to be able to evidence to the Information Commissioners Office, that you are complying with your duties under the new data protection rules, which means keeping track of your processing activities. This means having a record of what data you hold, what your lawful reason for processing that data is, what you use it for, who has access to it, who you send it to and how long you keep it.
A key area, which crops up in the context of both data protection, privacy and Human Rights law is the monitoring of your employees. This can include things such as IT and communication system monitoring, CCTV and vehicle tracking.
Monitoring requires you to consider very carefully what monitoring you do, how it could impact the privacy of your staff and whether the type of monitoring you do is reasonable to achieve your purpose or are there less intrusive options
Under GDPR and in line with recent case law on privacy, you will need to ensure that, if you do want to monitor your employees, you tell them, in advance, what you will be monitoring, why, what that information can be used for, who can have access to it and how long it’s kept for. If you covertly monitor your employees without a very good reason, you may well find yourself in breach of privacy provisions, which then also has an impact on your ability to take action where necessary.
You should therefore make sure that your policies and procedures are up to date and provide all the information your staff are entitled to about the information you obtain about them.