Tricky data protection issues – is your business compliant?

What is the General Data Protection Regulation (GDPR)?

The General Data Protection Regulation (GDPR) came into force last May and many businesses were concerned to get the right documents in place before the deadline, such as privacy notices and data protection policies.

After this initial flurry of activity, many business owners are still unsure as to whether their employment-related practices are really GDPR compliant.

As the fines for failure to comply with the GDPR are significant, getting to grips with the trickier areas of the GDPR is extremely important for all businesses.  Ensuring compliance requires ongoing consideration and review.

Difficult Areas of GDPR

Tricky areas that can lead to confusion include:

How to respond to subject access requests

Employees are able to request copies of the personal data that their employer processes about them.  Given that businesses will hold a significant amount of personal data about their employees and the timeframe to respond to a request is limited, this can be a difficult task to tackle.  Such requests are often made when the relationship between the business and the employee has broken down, which means that getting the response right is vital.

Monitoring GDPR Compliance  

Many businesses monitor the activities of their employees, including emails and use of company vehicles.  Monitoring may not be lawful unless it has been carefully thought about.  In particular, monitoring should be justified and proportionate to the aims it seeks to achieve, and employees must be aware of the extent and purpose of the monitoring.

Sensitive information

Employers may hold information about sensitive matters such as medical conditions or criminal convictions.  It is important that employers understand the restrictions around use and storage of such information.

Data security

Keeping information safe is an extremely important aspect of GDPR compliance.  If you have employees who use personal devices for business activities, careful thought needs to be given to keeping sensitive information safe.


Free GDPR Seminars

During June 2019, we will be considering these issues at a series of free seminars.  The seminars are aimed at business owners who do not have in-house HR resources. To book your place, please contact or call 01582 390568.

If you have any questions on this topic or any employment law related questions regarding your business, please feel free to contact our team.