Directory results

 
1 to 10 of 23 articles
  • Employment - GDPR data processor clauses
    If you use any third-party processors to handle employees' personal data, you must by law include a number of key written terms governing data protection in the commercial contracts you enter into with them. Processor obligations: As an employer, you're a "controller" in relation to your employees' personal data. However, you might also engage one or more third-party service providers, e.g. outsourced payroll or IT services and pension scheme or staff benefits providers. If they process...
  • Employment - GDPR personal data breaches register
    The EU General Data Protection Regulation (GDPR) requires you to document all personal data breaches, whether they're notifiable to the Information Commissioner's Office (ICO) or not. Use our register to do this. Mandatory register: Under the GDPR, you must record all personal data breaches in a register, regardless of whether they're notifiable to the ICO. So, even if you decide that a data breach is unlikely to result in a risk to the rights and freedoms of individuals and...
  • Employment - GDPR letter notifying personal data breach
    As well as notifying the Information Commissioner's Office (ICO), certain personal data breaches must also be notified to affected data subjects. Your notification to them must, as a minimum, describe the nature of the data breach, the likely consequences of it and the measures you've taken or are taking to address it. It must also set out contact details if the data subject wants to obtain further information. Notification requirements: Under the EU General Data Protection...
  • Employment - GDPR register of data subject access requests
    The GDPR requires you to demonstrate that you're complying with the data protection principles. Maintaining a GDPR register of data subject access requests can help you show that you're observing subject access rights. Accountability: The EU General Data Protection Regulation (GDPR) requires you to demonstrate that you're complying with the six data protection principles. This is known as the principle of "accountability". It's not obligatory to maintain a central register...
  • Employment - Letter to ex-employee threatening to contact ICO
    Use our letter where you believe a former employee has taken personal data with them on leaving employment, such as client records, without your permission. Unlawfully obtaining personal data is a criminal offence prosecuted by the Information Commissioner's Office (ICO), so threatening to contact the ICO should hopefully secure the return of the data. Criminal offence: Under the Data Protection Act 2018 it's a criminal offence to knowingly or recklessly obtain or...
  • Employment - References consent form
    Our references consent form enables the prospective employee to provide the names and contact details of their referees and then asks them to sign a consent to secure the release of references from their referees. For future reference: Always take up references, regardless of how ideal for the job a prospective employee appears to be. It's not unknown for candidates to lie on application forms or at interview or to have overstated their abilities. Seek at least two written references (three...
  • Employment - Change of circumstances form
    Sometimes employees forget, or deliberately fail, to disclose an important change in their personal circumstances. Our change of circumstances form covers this situation and helps you meet your legal obligations under the EU General Data Protection Regulation. EU General Data Protection Regulation: The EU General Data Protection Regulation (GDPR) contains six basic data protection principles that employers must comply with when processing their employees' personal data. The fourth principle...
  • Employment - GDPR data breach policy and response plan
    Use our document to ensure the prompt and effective detection, investigation, reporting and resolution of personal data breaches. Personal data breach: Under the EU General Data Protection Regulation (GDPR), certain personal data breaches must be notified to the Information Commissioner's Office (ICO) and sometimes affected data subjects need to be told too. A personal data breach is a "breach of security leading to the accidental or unlawful destruction, loss, alteration,...
  • Employment - GDPR data subject access response letter
    Use our GDPR data subject access response letter to set out your reply to a data subject access request that's been made under the GDPR. Response requirements: The EU General Data Protection Regulation (GDPR) enables individuals to access the personal data that you hold about them by making a data subject access request (DSAR). In response to a DSAR, you must provide confirmation as to whether their personal data are being processed by you, access to copies of their requested...
  • Employment - GDPR employee monitoring clause
    Insert our clause into employees' employment contracts to reserve the right to monitor their use of your communications and computer systems. You'll need a lawful basis for processing and you must limit monitoring to the minimum amount necessary to achieve your aims. Consent: Under the EU General Data Protection Regulation (GDPR), you can no longer rely on an employee's consent to monitor their use of your communications and computer systems. So, if you have a consent clause in employment...
 