Directory results

 
1 to 10 of 24 articles
  • Employment - GDPR data protection policy
    Our data protection policy statement reiterates the important data protection principles set out in the GDPR, outlines how you intend to comply with them and clarifies what rights and obligations an employee has both in relation to their own personal data and when handling other people's personal data.
    Data protection principles: The General Data Protection Regulation (GDPR) requires you to comply with six data protection principles in your data processing activities. These say that...
  • Employment - GDPR legitimate interests assessment
    If you intend to rely on legitimate interests as your lawful basis for processing certain personal data, you should first conduct a GDPR legitimate interests assessment.
    Lawful basis for processing: To process personal data, under the GDPR you always need a lawful basis for processing. The three most relevant in the employment context are that the processing is necessary: (1) for performance of a contract, e.g. an employment contract, or to enable you to take steps at the data...
  • Employment - GDPR data protection impact assessment
    A data protection impact assessment is required where a new type of processing is likely to result in a high risk to the rights and freedoms of data subjects. Use our document as your starting point.
    What's a DPIA? A data protection impact assessment (DPIA) is a risk assessment tool which can help you to identify, assess and mitigate risks to personal data with new data processing activities. You must conduct a DPIA where a type of processing, e.g. the adoption of a new process...
  • Employment - GDPR consent to use of employee's image
    Normally, you can't rely on an employee's consent as the lawful basis for processing their personal data. However, using their image in marketing materials can be an exception if they have a genuine choice about whether to consent.
    Personal data: Obtaining an individual's written consent to the processing of their personal data is one way in which you can show that your processing is lawful under the GDPR. In relation to special category personal data, one of the additional...
  • Employment - GDPR data processor clauses
    If you use any third-party processors to handle employees' personal data, you must by law include a number of key written terms governing data protection in the commercial contracts you enter into with them.
    Processor obligations: As an employer, you're a "controller" in relation to your employees' personal data. However, you might also engage one or more third-party service providers, e.g. outsourced payroll or IT services and pension scheme or staff benefits providers. If they process...
  • Employment - GDPR personal data breaches register
    The General Data Protection Regulation (GDPR) requires you to document all personal data breaches, whether they're notifiable to the Information Commissioner's Office (ICO) or not. Use our register to do this.
    Mandatory register: Under the GDPR, you must record all personal data breaches in a register, regardless of whether they're notifiable to the ICO. So, even if you decide that a data breach is unlikely to result in a risk to the rights and freedoms of individuals and doesn't...
  • Employment - GDPR letter notifying personal data breach
    As well as notifying the Information Commissioner's Office (ICO), certain personal data breaches must also be notified to affected data subjects. Your notification to them must, as a minimum, describe the nature of the data breach, the likely consequences of it and the measures you've taken or are taking to address it. It must also set out contact details if the data subject wants to obtain further information.
    Notification requirements: Under the General Data Protection...
  • Employment - GDPR register of data subject access requests
    The GDPR requires you to demonstrate that you're complying with the data protection principles. Maintaining a GDPR register of data subject access requests can help you show that you're observing subject access rights.
    Accountability: The General Data Protection Regulation (GDPR) requires you to demonstrate that you're complying with the six data protection principles. This is known as the principle of "accountability". It's not obligatory to maintain a central register...
  • Employment - Letter to ex-employee threatening to contact ICO
    Use our letter where you believe a former employee has taken personal data with them on leaving employment, such as client records, without your permission. Unlawfully obtaining personal data is a criminal offence prosecuted by the Information Commissioner's Office (ICO), so threatening to contact the ICO should hopefully secure the return of the data.
    Criminal offence: Under the Data Protection Act 2018 it's a criminal offence to knowingly or recklessly obtain or...
  • Employment - References consent form
    Our references consent form enables the prospective employee to provide the names and contact details of their referees and then asks them to sign a consent to secure the release of references from their referees.
    For future reference: Always take up references, regardless of how ideal for the job a prospective employee appears to be. It's not unknown for candidates to lie on application forms or at interview or to have overstated their abilities. Seek at least two written references (three...
 