Hello, you're watching Addleshaw Goddard's Employment Channel.

News: 15 December 2017

The General Data Protection Regulation (GDPR)

The General Data Protection Regulation - or GDPR for short - is an EU Regulation due to come into force on 25 May 2018. The GDPR is going to impose greater data protection obligations on European organisations, including more reporting requirements and higher penalties for breaches. The UK has confirmed that it will be implementing the GDPR, as it'll still be a member of the EU on this date. In August this year, the government published the first draft of a new Data Protection Bill which will brin g the GDPR into UK law and establish the UK's position on data law post-Brexit.

In today's programme, we summarise the key changes for HR under the GDPR and suggest some specific action points to consider before the GDPR comes into force next year.

We're delighted to welcome Helena Brown, a Partner in our Data Protection team, to tell us more about the forthcoming changes and the steps that HR teams can be taking to prepare for 25 May 2018.

1. DSARs under the GDPR

  • 10 fee abolished
  • Must respond within 1 month

2. Monitoring

  • Increased transparency
  • Enhanced fair processing notices
  • Update handbook/policies

3. Can consent be relied upon?

  • Consent unlikely to be valid
  • Use enhanced fair processing notices

4. What should you do now?

  • Review / update contracts
  • Update fair processing statements
  • Update policies Understand the new subject access rights and prepare your teams for the changes

Thanks Helena! There's obviously plenty to be thinking about over the next few months then. Finally, it's also worth mentioning that personal data breaches will need to be reported within just 72 hours to the UK's Information Commissioner. AND, with the maximum fine standing at 4% of global annual turnover or 20m whichever is the greater the potential penalties under the GDPR are pretty headturning. However, the Information Commissioner has said that these top-tier fines will only be for the most serious of breaches and won't be handed out for smaller infractions. You'll find our guide to the GDPR in the pack of supporting materials to this programme. We expect to be adding to this during the course of next year, so please do just get in touch with us if there's anything we can do to help you to prepare for the changes in May.


That's all for today from Addleshaw Goddard's Employment Channel! Thank you for watching, and see you next time.