As most employers will no doubt be aware the General Data Protection Regulations (GDPR) is set to be transposed into UK law. This article focuses on how they might affect the employment relationship, although these rights will also apply in relation to data subjects who are not employees. As part of these changes employees and other data subjects will gain a number of new/additional rights, the most notable of which are detailed below:
Data Subject Rights;
The right to be forgotten
Employees will now, in certain circumstances, have the right to request to be forgotten. Following a request to be forgotten an employer must erase this information, without delay, unless they are able to show the information is specifically exempt from being processed. If, for example, it is necessary for an employer to hold this information to ensure they comply with a legal obligation under EU or member state law then they would not be required to delete this information.
The right to rectification
Employees will be able to require an employer to rectify inaccurate personal data they hold about them. The GDPR suggests that this information must be amended without undue delay and it is currently envisaged an employer will have a month to comply with this request.
The right to restrict processing
Employees will be entitled to restrict the processing of their data under certain circumstances e.g. if the processing by an employer is unlawful. An employer can still continue to store the data but it is understood they will be unable to process it unless they:
- have the employee’s consent;
- are exercising or defending any legal claims;
- are protecting the rights of another or a legal entity; or
- have an important public interest reason for doing so.
The right to data portability
This will allow employees to obtain a copy of personal data from an employer, transmit their personal data to another data controller (e.g. another employer) or have their personal data transmitted directly by the employer to another third party or employer.
It is important to note that the Data Protection Bill is still going through Parliament and therefore while it is expected the principals above will remain in substance, the detail of these rights may be altered.
The new rights for employees, along with a revamp of existing rights, means that an employer’s obligations in respect of data protection will increase. Understanding these rights and having a process to respond to employee requests in relation to them are vital.
To help you comply with your obligations towards employees in relation to the GDPR we have put together a toolkit;
If you have any questions or would like further details of our GDPR for HR toolkit then please contact James Monk on 0121 227 3366 or email firstname.lastname@example.org