Under the General Data Protection Regulation (GDPR) organisations/businesses will have to provide their employees with information that explains how they as employers are processing an employee’s personal data.  This is often by means of a “Privacy Notice”.   This is an important document that an employer will need to prepare in order to become GDPR compliant.   You must therefore ensure it contains all the required information.

Interesting to note that this will also apply to job applicants as well, so it may be necessary to tailor the privacy notice accordingly.

The privacy notice can either be a hard copy or electronic.  Employees must also acknowledge receipt of the policy notice, perhaps by means of a duplicate copy or reply email.

What information must be included in an employee privacy notice?

  • The identity and contact details of the employer;
  • A description of the personal data that is collected;
  • The purposes for collecting, recording, storing, amending, reviewing, using and deleting personal data;
  • The legal basis on which the data is collected and used;
  • Who the personal data is shared with;
  • Whether personal data is transferred outside of the EEA and if so, details of the safeguards that are in place to protect the security of the data;
  • How long the personal data will be kept for; and
  • Details about the rights that employees have in relation to that personal data, for example the right to request that the employer rectify any incorrect information

Refer to our other GDPR updates or contact us if you require further help with your planning.

Sophie Graham Audit Manager Carlisle Office
Sophie Graham
Audit Manager
Carlisle Office