Data protection and privacy laws touch on almost every aspect of HR. 

Employers must strike a fine balance in complying with the UK GDPR, Data Protection Act 2018, and other privacy regulations whilst at the same time conducting disciplinary investigations and procedures and undertaking other employee-related decisions.

To help you, as an employer, gain a brief understanding of your data protection and privacy responsibilities in terms of HR, our Employment Law Solicitors have answered some common questions below.


What is data protection?

Data protection provides data subjects (people who have allowed you to hold and process their data) certain rights, including the right to:

  • access their personal data
  • be notified of a data breach which may result in their personal data being compromised
  • not have their data shared with third parties without their consent
  • have confidence that their sensitive personal data, such as confidential information regarding their health, is not processed unless certain regulatory conditions are met

The fines and reputational damage that can result from a data protection breach are substantial; it is therefore imperative to take compliance seriously.


What are the main points an employer should be aware of when processing employees’ personal data?

Employers who run an SME should consider the following data protection and privacy law rules and responsibilities when processing employee data and drafting their employment contracts:

  • consent – you need to be able to demonstrate that your employees have been informed of how their personal data will be used and for what purposes.
  • lawful processing – keep records to show that any processing of personal data is for one of the six lawful reasons for processing under the UK GDPR. Complying with the terms of an employment contract is one of the lawful reasons for processing data.
  • have a comprehensive internet, email, and social media policy that is understood and accessible to all employees.
  • keep detailed records that prove your accountability for data protection and privacy compliance. This includes staff training, considering whether to appoint a Data Protection Officer, identifying and eliminating risks to employee privacy, and only collecting personal data that is adequate, relevant, and necessary.


Wrapping up

HR data protection and privacy compliance is an ongoing process, and your systems and records should be monitored regularly so that, if a data breach or subject access request occurs, you can act quickly to comply with your duties under the UK GDPR and the Data Protection Act 2018.

If you require legal advice regarding data protection and privacy law, please do not hesitate to contact us.


Get legal assistance from LawBite

If you don’t comply with GDPR, you can be fined up to 4% of your turnover by the regulator, the Information Commissioner’s Office (ICO). Or, even more worryingly, the ICO can issue a ‘Stop Now’ order, which prevents you from collecting or using personal data at all, either permanently or until you have complied with their requirements.
Our GDPR lawyers will work with you speedily and affordably to understand what your business needs and agree on a pathway to compliance.
Book a free 15-minute consultation with one of our expert GDPR and Data Protection lawyers today.

In closing

Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.
