Changes to Data Protection Laws


Data protection – granted, not the juiciest area of employment law for employers to deal with – will undergo extensive changes next year which will affect every employer in the country.

The European General Data Protection Regulation will be introduced in May 2018 but employers are being urged to begin to take practical steps now to ensure they are not caught unawares next year.

What Is Data Protection?

The Data Protection Act 1998 provides a structure to ensure that data processors process the data of their subjects in a lawful way. Employers are, for these purposes, data processors and the data subjects are their employees.

‘Data’ is information that is processed by means of computer or recorded in a relevant filing system. It is further classified as ‘personal data’, which is information from which the individual to whom it relates can be identified, and ‘sensitive personal data’, which is data relating to, amongst other things, a person’s race, any disability, sexual orientation, health condition etc.

Data Principles

The Act creates 8 data protection principles which employers must stick to when processing data. Employers must, for example, ensure data is kept accurate and up to date, is processed fairly and is not kept for any longer than necessary.

What Is Changing?

Some of the main changes affecting employers from May 2018 will be:

  • Employers must obtain explicit consent from employees to the processing of their data. A reference to consent which is buried within an employee handbook will not be sufficient. Employees must also be informed of their right to withdraw consent.
  • Employers dealing with subject access requests (where employees request sight of the personal data kept on them) will no longer be able to charge the employee £10 as standard. Charges may only be applied where the request is excessive.
  • Information requested in the subject access request must be provided by employers as soon as possible and within a month at the most. Currently, a 40 day deadline applies.
  • Breaches of data protection laws will carry a fine of up to the higher of 4% of annual global turnover or €20 million.
  • Data protection risk assessments must be carried out when employers begin a new project or new strategy.
  • Breaches will have to be notified within 72 hours.

What Should Employers Do Now?

The Information Commissioner – the body which presides over data protection in Great Britain – has issued guidance for employers on how to prepare for the changes. Amongst other things, it suggests employers:

  • Make themselves aware of the changes and the impact they will have.
  • Document what personal data they hold and how they share it.
  • Determine where changes will be needed to relevant company documentation.
  • Plan how they will need to deal with subject access requests.
  • Review how consent to processing is obtained.

Brexit Impact

Now that we know a little more about the Brexit timeline, it is appropriate to consider its impact on this new legislation. For as long as the UK remains in the EU, it must comply with EU legislation. However, it is plausible that the UK Government will make changes to this law once it has left.

