GDPR
GDPR – important changes coming into force in May 2018
New data protection requirements under the General Data Protection Regulation (GDPR) come into effect across the UK on 25 May 2018. They bring significant changes that employers need to be aware of.
The GDPR harmonises data protection laws across the EU and updates the current 20-year-old regime to take account of globalisation and the ever-changing technology landscape. It will apply in the UK despite Brexit, covering all companies and any company that processes the personal data of individuals in the EU in relation to offering goods or services or to monitoring their behaviour.
There will be heavy penalties imposed on employers that breach the GDPR rules. Fines will be up to €20 million or 4% of annual worldwide turnover, whichever is greater.
The changes mean that employers will have to give job applicants and employees a more detailed privacy notice. Under GDPR employers will be obliged to provide information including:
how long data will be stored for;
if data will be transferred to other countries;
information on the right to make a subject access request; and
information on the right to have personal data deleted or rectified in certain instances.
Employers will be obliged to report any data breach (for example, accidental or unlawful loss or disclosure of personal data). Employers will have 72 hours to notify the data protection authority and provide it with certain information. Where a breach poses a high risk to the rights and freedoms of individuals, those individuals will also have to be informed.
Although the GDPR will be effective from 25 May 2018, organisations should start preparing now.
We will be happy to help your organisation understand and implement the new rules under GDPR. Please get in touch today.