Data Protection for the 21st Century

Employment aspects of GDPR

The General Data Protection Regulation (GDPR) becomes law on 25 May 2018.  GDPR is the biggest change to data protection law in 20 years and reflects technology developments and increasing amounts of personal information processing.

What’s new?

For employers, the main changes from the Data Protection Act 1998 are:

  • A new individual right to be informed. This means you will need to proactively advise your workforce and job applicants about the personal data you hold and process about them.
  • Consent for processing personal data in an employment relationship can no longer be relied upon. Employers will need to rely on one of the other 5 legal reasons for processing (including compliance with a legal requirement, performance of the contract and legitimate reasons of the organisation).
  • Process changes for subject access requests where individuals may ask to see their personal information that is stored or processed.
  • Record keeping. Data controllers and processors (employers) are required to keep certain records to demonstrate their compliance with the new regulations.
  • Huge increases in financial penalties for non-compliance with the maximum being 4% of global annual turnover, or €20m – whichever is greater.

What do I need to do?

The financial penalties are a serious motivator for compliance, so you should act now.  This is a significant change to the law and there is lots to do – much more than can be listed here.  In the first instance you should:

  1. Conduct a data audit to assess what employee data you hold and why
  2. Update your current employment documents, e.g. contract, handbook and policies/procedures, to comply with the new regulations, including:
    1. amendments where consent is currently sought
    2. updated references to the Data Protection Act 1998
    3. changes to subject access request procedures
    4. keeping data secure and accurate.
  3. Create privacy notices to advise how personal information is legally used and to advise individuals of their rights around data processing
  4. Plan training for your workforce on their responsibilities to keep your organisation GDPR compliant.

How can West HR help?

Over the last few months we’ve been busy learning about the regulations and interpreting them into clear steps for employers.

The easiest way to start your preparations is to meet with us for a briefing and the creation of a bespoke action plan, which we can support the delivery of as required.

In addition, we offer training workshops on the detail of implementing the HR aspects of GDPR in a practical full or half-day session.

Other help

The Information Commissioner’s Office (ICO) website has some clear explanations of GDPR along with implementation checklists and templates.  It is constantly being updated with guidance on all aspects of GDPR and is a good starting point.

Next steps

Contact us now to book a briefing and action planning meeting:

01949 500 949


