Helping Sheffield employers get compliant

With just one week to go before the May 25th deadline of the new general data protection regulation (GDPR)

Read more Get in touch

Helping Sheffield employers get compliant

Lauren Pickard, senior associate at the firm says a significantly raised standard for consent when it comes to collecting; storing and processing personal data lies at the heart of the new legislation.

She said: “Under GDPR, data cannot be processed without a ‘lawful basis for processing’ such as consent. If consent is relied upon, every employee will have to give informed, explicit consent for personal information to be taken and they will have the right to expect total transparency about how that information is used.”

Lauren recommends that employers conduct a simple internal data-mapping exercise to establish key facts which include what information is collected, who is collecting it, how and why it is being collected – as well as how information will be used, how long it will be retained and why.

“Being equipped with vital information and facts such as with whom information will be shared; how it effects individuals concerned and whether the intended use is likely to cause individuals to object or complain – will enable employers to draw up a picture of how data flows through their organisation,” she added.

“Helping companies to understand what constitutes personal data and exactly what happens to that data, this mini audit will enable them to draw up what is known as a privacy notice – a key document setting out agreed protocols for handling different types of information within the business. The importance of a robust privacy notice cannot be underestimated and it is worth seeking expert advice to ensure it is constructed in accordance with the expectations of GDPR.”

Fines of up to €20,000,000 or 4% of a firm’s annual turnover can be imposed for non-compliance. The Keebles’ Employer GDPR Pack contains the following information:

  • Letter of advice about employer GDPR obligations;
  • GDPR Data Protection Privacy Notice;
  • GDPR Data Protection Policy;
  • Information Security Policy;
  • Subject Access Requests Policy;
  • Criminal Records Information Policy;
  • Record Retention Policy;
  • Data Mapping Advice;
  • Letter to issue to staff to notify them of the new policies and privacy notice; and
  • Privacy notice and letter specific to job applicants.

If you would like to purchase our pack or for more advice please contact Lauren Pickard on 0114 252 1410 or lauren.pickard@keebles.com

Get in touch