25th April 2018

General Data Protection Regulation (GDPR)

The General Data Protection Regulation comes into force on 25 May 2018, effectively abolishing the DPA.

The General Data Protection Regulation rules mean that employers will have to give staff more detailed information about the data they hold on them and how it’s processed.

Employers have been obliged to comply with the requirements of the Data Protection Act 1998 (DPA) for the past 20 years.

Employers are required to provide staff with the following information:

o Identity and contact details of the business.

o Where applicable, the identity and contact details of the data protection officer.

o The process of how they categorize their personal data.

o Where the employer is relying on legitimate interests (or those of a third party) as the legal basis for processing.

o Any third-party sources, e.g. an agency, that the personal data originates from.

o Information on who may receive their personal data.

o Transfers to non-EEA countries and the suitable safeguards applied.

o Retention period for the personal data.

For further information, please see the Business Advice Directory website (below), which includes the form for the GDPR privacy notice.

Photo credit: MarTech Today

References:

https://businessdatabase.indicator-flm.co.uk/business_advice_directory/articles/data_protection/a_mandatory_gdpr_privacy_notice_for_staff/UKTAPSAR_EU20070301/topArt