General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) comes into force on 28 May 2018.

The new Regulation gives the individual more robust protection against misuse of their personal information/data. As an employer you will have a great deal of personal information in your possession, this is fine…..but there are new requirements about what exactly you store, where you store it and how you dispose of it. The information below should help you to comply with the new Regulation.

Privacy notices
Privacy notices, most commonly found in staff handbooks will have to provide more detailed information, such as:

• How long data will be stored
• If data will be transferred to other countries
• Information on the right to have personal data deleted or rectified in certain instances.

Employers should review and update privacy notices to ensure compliance.

Data breaches
The GDPR will introduce a mandatory reporting requirement in the event of a personal data breach (i.e. loss, unauthorised disclosure or destruction) which is likely to result in a risk to the rights and freedoms of individuals (such as damage to reputation or loss of confidentiality). In such circumstances, an employer will have 72 hours to notify and provide certain information to the relevant supervisory body.

Need More Guidance? We have uploaded a number of useful documents onto the members section of our website.