• GDPR
  • February 15, 2022

Data protection and privacy – Employer’s responsibilities

Data protection and privacy laws touch on almost every aspect of HR. 

Employers must strike a fine balance in complying with the UK GDPR, Data Protection Act 2018, and other privacy regulations whilst at the same time conducting disciplinary investigations and procedures and undertaking other employee-related decisions.

To help you, as an employer, gain a brief understanding of your data protection and privacy responsibilities in terms of HR, our Employment Law Solicitors have answered some common questions below.

What is data protection?

Data protection provides data subjects (people who have allowed you to hold and process their data) certain rights, including the right to:

  • access their personal data
  • be notified of a data breach which may result in their personal data being compromised
  • not have their data shared with third parties without their consent
  • have confidence that their sensitive personal data, such as confidential information regarding their health, is not processed unless certain regulatory conditions are met

The fines and reputational damage that can result from a data protection breach are substantial; it is therefore imperative to take compliance seriously.

What are the main points an employer should be aware of when processing employees’ personal data?

Employers who run an SME should consider the following data protection and privacy law rules and responsibilities when processing employee data and drafting their employment contracts:

  • consent – you need to be able to demonstrate that your employees have been informed of how their personal data will be used and for what purposes.
  • lawful processing – keep records to show that any processing of personal data is for one of the six lawful reasons for processing under the UK GDPR. Complying with the terms of an employment contract is one of the lawful reasons for processing data.
  • have a comprehensive internet, email, and social media policy that is understood and accessible to all employees.
  • keep detailed records that prove your accountability for data protection and privacy compliance. This includes staff training, considering whether to appoint a Data Protection Officer, identifying and eliminating risks to employee privacy, and only collecting personal data that is adequate, relevant, and necessary.

Wrapping up

HR data protection and privacy compliance is an ongoing process, and your systems and records should be regularly monitored to ensure that, if a data breach or subject access request occurs, you can act quickly to comply with your duties under the UK GDPR and the Data Protection Act 2018.

If you require legal advice regarding data protection and privacy law, please do not hesitate to contact us.

Get legal assistance from LawBite

If you don’t comply with GDPR, you can be fined by the regulator (the ICO, the Information Commissioner’s Office) up to 4% of your turnover. Or, even more worryingly, the ICO can issue a ‘Stop Now’ order, which prevents you from collecting or using personal data at all, either permanently or until you have complied with their requirements.
Our GDPR lawyers will work with you speedily and affordably to understand what your business needs and agree on a pathway to compliance.
Book a free 15-minute consultation with one of our expert GDPR and Data Protection lawyers today.

In closing

Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.
