0203 319 1649


GDPR (General Data Protection Regulation)
You Need to Start Thinking About This!

There have been a number of developments lately that have had, and continue to have, an impact on managing people. There was the abolition of tribunal fees, gig economy workers continuing to establish their status, and the next thing coming your way is the General Data Protection Regulation (GDPR).


What is GDPR about?

GDPR is a European Directive that looks at data protection and comes into force in May 2018.

If you think “Ah, it’s European, we’re heading out of the EU and therefore this won’t matter too much” you may wish to reconsider as:

  • We’ll still be part of the EU when it comes into force, so you’ll need to comply.
  • It could be that this is something the UK adopts even post-Brexit.
  • It’s likely that if you wish to do business with any country in Europe then they will look for evidence that you comply with the legislation anyway.

Ignoring this is unlikely to be the best option!

What does GDPR mean for people data?

GDPR categorises data protection into two areas – data protection ‘by design’ and data protection ‘by default’.

  • ‘By Design’ requires businesses to embed privacy considerations from a day-to-day perspective but also from a strategic viewpoint. So, when you are considering new system implementations and working practices you need to demonstrate that you have assessed the data protection risks and that you have built appropriate safeguards into what you are doing.
  • ‘By Default’ requires businesses to ensure that data is processed for only what is required in each individual case – i.e. not requesting lifetime background when the last year will suffice. This will control the data companies collect and the extent to which it is processed, and ensure it’s not stored for longer than is necessary – again similar principles to the current DPA – just more refined.


One of the biggest changes that GDPR introduces is consent.  Many businesses currently have a clause in their contract that covers Data Protection. It will generally state that the employee gives the employer permission to gather and process personal data.  GDPR will not accept this going forward.

GDPR requires data processing consent to be “freely given, informed, specific and explicit”. This means that it will have to be a separate document to the employment contract and there will be a need to provide far more detail as to what information will be captured, how it will be stored, how it will be protected and what it will be used for.   Employers will need to have records on how data is processed and a written policy in place which covers the above.

Data Subject Access Requests

At the moment, if you receive a Subject Access Request from an employee you have 40 days in which to respond and can make a charge of a maximum of £10 for providing the information.  GDPR will change this.  You will no longer be able to charge a fee and will usually be expected to provide the data in 30 days which may extend to 90 days in complex cases.

What you should be doing now

Here are some action points for you and your management team to ensure you start moving towards being compliant with GDPR:

  • If it’s not already on your agenda then make sure it starts to feature.  You need to be planning as, whilst this article focuses on the impact of GDPR on how you deal with employee information, it’s likely to touch many other areas of your business;
  • You should make sure you know enough about the regulations to ensure that not only is HR compliant but also finance, marketing and customer service functions;
  • Identify data controller(s) or whether you need a Data Protection Officer;
  • Conduct an initial risk assessment – key question is whether you will meet the GDPR compliance criteria? Is the data you process in line with this? What are the reasons for processing the data?
  • Get a compliance timeline in place so that you are ready to “ROCK N ROLL!!”

The requirements for GDPR continue to evolve and here’s a link to the ICO website to help you to keep track of the developments. We are running a GDPR workshop in January 2018 and you can sign up to this here. You can also give us a call on 0203 319 1649 if you’d like to discuss the impact on your business in more detail.

If you’d like help with GDPR for HR, or any other HR matter, contact us on 0203 319 1649 or use the form below.
