Data protection overview

Produced by Tolley in association with Hannah Freeman at Old Square Chambers

The following Employment Tax guidance note, produced by Tolley in association with Hannah Freeman at Old Square Chambers, provides comprehensive and up-to-date tax information covering:

  • Data protection overview
  • Key terms
  • The seven data protection principles
  • Conditions
  • Consent
  • Sensitive personal data
  • Rights of access
  • Pension schemes and data protection issues
  • Monitoring

Data protection overview

Invariably the management of workers and employees necessitates the creation of personnel records and a degree of monitoring of the workforce. On 25 May 2018, the EU General Data Protection Regulation (GDPR) came into force. This is supplemented by the UK Data Protection Act 2018 (DPA 2018).

The Information Commissioner is responsible for enforcement of the GDPR. The Commissioner also has a duty to publish codes to promote good practice. These do not have the force of law but may be referred to in enforcement proceedings and reflect the Commissioner’s views. Employers are therefore strongly advised to familiarise themselves with the codes. The Information Commissioner has not yet published a GDPR-specific Code on employment and protection. However, the Code issued under the DPA 1998 (legislation prior to the introduction of GDPR) still provides helpful guidance. See the Employment Practices Code and the Employment Practices Code Supplementary Guidance, both of which can be downloaded from the Information Commissioner’s Office website. The Information Commissioner has also produced a useful general guide to the new GDPR regime.

Key terms

The GDPR and its associated legislation use various terms that an employer will need to be familiar with, as follows:

Worker: This includes applicants (successful and unsuccessful), employees, agency staff, casual staff and contract staff; volunteers and work experience placements are also covered by some provisions

Data: Information about individuals, which is kept by an organisation on computer in the employment context, will fall within the scope of GDPR. Information that is kept in manual files will often fall outside GDPR: a manual file will only be subject to GDPR if it is part of a structured and referenced system that can be used easily to recover the precise information under request ― for example, an employee’s paper HR file

Personal data: Information which falls into the definition of data and which relates to an identified or identifiable living individual. The individual may be identified directly from the
