Coming into force in May 2018, the GDPR will be applicable to all UK organisations and the Government has indicated that it will apply to UK employers. The GDPR places greater obligations on employers to inform employees about how their personal data is processed, as well as to justify their grounds for doing so. There is only a short time remaining to ensure compliance, so it is critical for HR professionals to undertake an in-depth review of all existing policies and procedures which concern HR data and to assess the implications of the GDPR for them. The significance of the GDPR should not be underestimated.
Under the GDPR, an employee is able to withdraw their consent to the processing of personal data as easily as they give it. In light of this, it is unlikely that blanket data protection consent clauses, often seen in employment contracts and policies, will meet the new requirements. To rectify this, HR professionals will need to review the basis that blanket clauses rely on for processing employee data and consider whether it is still appropriate.
In order to satisfy the regulations, organisations may need to update their employment contracts, including those for existing employees, as well as create consent forms specifically about the GDPR.
In the case of a data breach, employers must notify the relevant supervisory authority within 72 hours of becoming aware of the situation. Where the breach is likely to result in a high risk to rights and freedoms, employees must also be notified “without undue delay”. As a result, safeguards for data processing activities will need to be established and clear processes for notifying breaches created.
Recent judgements by the Information Commissioner have highlighted, and punished organisations for, a lack of training and awareness about the existing regulations. This is likely to become an ongoing theme, especially in the run-up to the introduction of the GDPR. It is essential that organisations consider a comprehensive awareness campaign, both with decision makers to prepare for the change and with all those having access to personal information. There is an expectation that the GDPR is covered in employee onboarding and continual training programmes.
In order to comply with the new regime, it is likely that organisations will need to make significant changes to ensure there are adequate systems, contractual provisions, and training in place. ‘Buy-in’ from a range of internal stakeholders is going to be essential. With penalties of up to 4% of worldwide turnover or €20m (whichever is greater), in addition to the effects a breach could have on an employer’s reputation, we strongly recommend that compliance at all levels be an urgent priority, particularly for HR professionals.
While subject access requests (SARs) exist in the current legislation, there will be a reduced window to respond under the GDPR. It is highly possible that HR teams will be the first port of call for information requests, for example from unsuccessful applicants and ex-employees, or in connection with grievance and termination processes. HR teams need to have a robust and tested process for dealing with requests within the calendar month deadline.
If you're unsure about how the GDPR will impact your organisation or if you need some help getting your head around where to start, please contact enquiries@buzzacott.co.uk
Our HR services are designed to scale up to meet your needs exactly. Whether you need to create a best-practice HR strategy, or find fitting ways to nurture your people, our support means you won’t have to worry about smashing any crockery.
We help everyone from nuns to hedge funds. Use us as a seamless bolt-on to support your existing HR team. Or we’re happy to take the reins if you want to outsource all or part of your HR. The same goes for Learning and Development. And when you run into issues – personal or personnel – you can resolve them quickly and effectively with us on hand.
The best HR approach matches the needs and goals of your whole organisation, not just its people. Work with our HR team to design a strategy that grows with you. In fact, work with all of us – you can consult other Buzzacott specialists whenever you need to. We’re all under one roof.
Our specialist HR consultants understand best practice across multiple sectors, from charities to financial services to technology. Don’t have the time or manpower to keep up with ever-changing HR regulations? We’ll save you time and keep you legal, while you get on with business.
Our learning and development teams can help your people become the best they can be, through executive coaching or other training and support that we can tailor specifically to your business.