The General Data Protection Regulations (GDPR) are set to be transposed into UK law by 25 May 2018. As part of these new changes, employees will gain a number of new/additional rights. The key ones are set out below:

Right to Access

Employees can already request access to their personal information (commonly known as a “data subject access request”). This enables them to receive a copy of any personal information held by their employer and check it is being lawfully processed.

Right to Correction

Employees will be able to require an employer to rectify inaccurate personal data they hold about them. The information must be amended without undue delay; it is currently envisaged an employer will have a month to comply with this request.

Right to be Forgotten

Employees will now, in certain circumstances, have the right to request to be forgotten. Following a request to be forgotten an employer must erase the requested information, without delay, unless they are able to show the information is specifically exempt from being processed. If, for example, it is necessary for an employer to hold this information to ensure they comply with a legal obligation under EU or member state law then they would not be required to delete this information.

Object to Processing –

Employees can object to processing of their personal information where the employer is relying on a legitimate interest (or those of a third party) and there is something about their situation which makes them want to object to processing on this ground. They also have the right to object where the employer is processing personal information for direct marketing purposes.

Request the restriction of Processing

Employees will be entitled to restrict the processing of their data under certain circumstances e.g. if the processing by an employer is unlawful. An employer can still continue to store the data but they will be unable to process it unless they:

  • have the employee’s consent;
  • are exercising or defending any legal claims;
  • are protecting the rights of another or a legal entity; or
  • have an important public interest reason for doing so.
Data Transfer

This will allow employees to obtain a copy of personal data from an employer and transmit their personal data to another data controller (e.g. another employer) or have their personal data transmitted directly by the employer to another third party or employer.

 

It is important to note that the Data Protection Bill is still going through Parliament and therefore while it is expected the principals above will remain in substance, the detail of these rights may be altered.

For advice and assistance on how an employer should comply with their GDPR obligations contact James Monk on 0121 227 3366 or email jmonk@thursfields.co.uk

 

Thursfields expert Solicitors are available at any of our offices and surrounding areas – Birmingham, Worcester, Kidderminster, Solihull, Halesowen, Sedgley and Stourport.

 

Latest News

21 Jan

Thursfields launches specialist Retail & Leisure Team
Read more

Share

65 Views

0 Comments

16 Jan

Protecting the family assets from bad divorces
Read more

Share

120 Views

0 Comments

Upcoming Events

07 Feb

Thursfields Ladies Golf Networking
Read more

Share

3523 Views

0 Comments

07 Feb

PwC and CIPP Sixth annual Public Sector update for Payroll and HR Professionals
Read more

Share

67 Views

0 Comments