Employee records and data privacy
The Data Protection Act 2018 and UK General Data Protection Regulations (GDPR) set out the basic legal rules that protect personal data belonging to private individuals and prevent its misuse. Employers need to understand these rules and be able to apply them in practice.
An employer is legally required to protect the personal data of its employees and only use their data for certain lawful purposes by complying with the strict rules known as the ‘data protection principles’.
Under these obligations employers are required to:
- process personal data in a fair, lawful and transparent manner;
- collect personal data for specific, explicit and legitimate purposes;
- ensure information is adequate, relevant and limited to what is necessary for the purposes for which it is processed;
- keep data accurate and up to date, and in a form that enables data subjects to be identified for no longer than is necessary;
- process information in a way that ensures it is appropriately secure; and
- not transfer data outside the UK without adequate protection in place.
In addition, employees have the right to be told about:
- how their personal data is used;
- what records of personal data are kept about them; and
- the confidentiality of their data/records and how those records can assist their training and development at work.
If an employer fails to adequately protect employee personal data, the employer could automatically be in breach of its duties owed to the employees, and this could result in serious consequences such as a breach of contract. Therefore, when it comes to employee records, ensuring that effective data protection safeguards are in place from the outset is essential to protect the organisation.