Employee records and data privacy
The Data Protection Act 2018 and UK General Data Protection Regulations (GDPR) set out the basic legal rules in place to protect personal data belonging to private individuals and prevent the misuse of personal data. These are key for employers to understand and be able to apply in practice.
An employer is legally required to protect the personal data of its employees and only use their data for certain lawful purposes by complying with the strict rules known as the ‘data protection principles’.
Under these obligations employers are required to:
In addition, employees have the right to be told about:
If an employer fails to adequately protect employee personal data, the employer could automatically be in breach of their duties owed to the employees and this could result in serious consequences such as a breach of contract. Therefore, when it comes to employee records, ensuring the effective data protection safeguards are in place from the outset is essential to protect the organisation.