Data protection overview

Produced by Tolley in association with Hannah Freeman at Old Square Chambers

The following Employment Tax guidance note Produced by Tolley in association with Hannah Freeman at Old Square Chambers provides comprehensive and up to date tax information covering:

  • Data protection overview
  • Key terms
  • The seven data protection principles
  • Conditions
  • Consent
  • Sensitive personal data
  • Rights of access
  • Pension schemes and data protection issues
  • Monitoring

Data protection overview

Invariably the management of workers and employees necessitates the creation of personnel records and a degree of monitoring of the workforce. On 25 May 2018, the EU General Data Protection Regulation (GDPR) came into force. This is supplemented by the UK Data Protection Act 2018 (DPA 2018).

The Information Commissioner is responsible for enforcement of the GDPR. The Commissioner also has a duty to publish codes to promote good practice. These do not have the force of law but may be referred to in enforcement proceedings and reflect the Commissioner’s views. Employers are therefore strongly advised to familiarise themselves with the codes. The Information Commissioner has not yet published a GDPR-specific Code on employment and protection. However, the Code issued under the DPA 1998 (legislation prior to the introduction of GDPR) still provides helpful guidance. See the Employment Practices Code and the Employment Practices Code Supplementary Guidance, both of which can be downloaded from the Information Commissioner’s Office website. The Information Commissioner has also produced a useful general guide to the new GDPR regime.

Key terms

The GDPR and its associated legislation uses various terms that an employer will need to be familiar with, as follows:

WorkerThis includes applicants (successful and unsuccessful), employees, agency staff, casual staff and contract staff; volunteers and work experiences placements are also covered by some provisions
DataInformation about individuals, which is kept by an organisation on computer in the employment context, will fall within the scope of GDPR. Information that is kept in manual files will often fall outside GDPR: a manual file will only be subject to GDPR if it is part of a structured and referenced system that can be used easily to recover the precise information under request ― for example, an employee’s paper HR file
Personal dataInformation which falls into the definition of data and which relates to an identified or identifiable living individual. The individual may be identified directly from the

There’s no margin for error.
Think Tax.
Think Tolley.
TolleyGuidance gives you direct access to critical, comprehensive and up-to-date tax information and expertise you can rely on.
Take a free trial
Popular documents
LEXISNEXIS

Consortium relief

IntroductionConsortium relief enables losses of a consortium company to be transferred to consortium members in proportion to the consortium member’s interest in the consortium company, and vice versa. Consortium relief is a flexible relief which is available in several different scenarios which are

LEXISNEXIS

Using the spouse exemption

Arguably, the most important exemption from IHT is the married couple / civil partner exemption.There is no IHT to pay on gifts from husband to wife and vice versa, or from one civil partner to the other (referred to collectively in this note as ‘spouses’). The exemption applies to inter-spouse

LEXISNEXIS

Notices of coding

Notices of coding are the means by which HMRC notifies both the employee and the employer of the tax code to be applied to the employee’s earnings. There are several types of coding notice, as detailed below. Only one of these types of notice, form P2, is sent to the employee, the others are sent to

LEXISNEXIS

Transfer pricing rules ― overview

What is transfer pricing?Transfer pricing is the prices at which an enterprise transfers either physical goods, intangible property or services, including financing arrangements, to associated enterprises. Generally, enterprises are associated if there is direct or indirect control by one of the