GDPR/DPA 2018 – are you demonstrating compliance?

Published on August 17, 2018


It has been almost three months since the Data Protection Act (DPA) 2018 came into force. The DPA 2018 incorporates the EU General Data Protection Regulation (GDPR) into UK Law with the aim of ensuring that the UK and EU data protection regimes are aligned post-Brexit.

The dust is now starting to settle, and the navigation of the new data protection requirements is hopefully a little easier. It is imperative that employers go through their core documents and policies, such as contracts of employment, data protection policies and IT & communication systems policies, to ensure they are compliant. This would be a good time to have a general review of all employment contracts and policies.

The GDPR/DPA 2018 brings considerable changes to Data Protection Law in the UK and across the European Economic Area (EEA). Whilst the concept of data protection is not new, it is important to ensure that everyone in the organisation is aware of the new requirements and their obligations and that the importance of data protection compliance is understood.

In order to comply with the new data protection requirements under the GDPR/DPA 2018, employers should:

  • Undertake an audit of their systems and records to identify any personal data they are holding, how it is used, processed and stored. A new ‘right to be forgotten’ has been introduced by the GDPR/DPA 2018 and employers need to check whether it is still necessary to continue storing an employee’s personal data/sensitive personal data to fulfil the purposes for which it was collected.
  • Replace any current Data Protection Policy with a new Data Protection Policy/Privacy Standard.
  • Provide a Privacy Notice to employees, workers and contractors to notify them about the personal data that the employer holds relating to them, how they can expect their personal data to be used and for what purposes.
  • Provide a Candidate Privacy Notice to individuals applying for jobs or assignments to notify them about the personal data that the employer proposes to hold relating to them, how they can expect their personal data to be used and for what purposes.
  • Amend any clauses in contracts of employment and policies that relate to the processing of personal data/sensitive personal data, the disclosure of medical reports or monitoring of employees.
  • Issue an updated contract and/or a letter seeking the employees’ agreement to the changes to their terms of employment.
  • Train staff.

If you need any assistance with your GDPR compliance, please contact our Employment team headed up by Audrey Spencer on 01202 725400 or a.spencer@hklaw.eu
