More Headaches and Red Tape for Employers: The General Data Protection Regulation (GDPR).

The less than eagerly awaited GDPR comes into force in UK law on 25 May 2018. Given the far-reaching implications of the GDPR, in particular for employers, it is imperative that businesses are taking early steps to ensure compliance with the new regime.

The GDPR will give employees greater powers over access to their personal data being held by the employer. They will have the right to request details to be rectified, restricted or even erased. Employers will not only have to manage these new rights but will also have to respond to any requests within a tighter maximum timescale of one month. Obviously this has real potential to drive costs upwards and increase the need for additional resources for business owners and employers alike.

All employers would be well advised at this moment in time to undertake an assessment and start to plan for the implementation of the GDPR in May 2018. Analyse and consider what your business's current practice actually is. Review policies and procedures and ensure that appropriate records of training and guidance are put in place prior to implementation of the GDPR.

It would be prudent for larger employers to put together a compliance team whose objective it would be to ensure that the business is in a position to meet the new standards in May 2018.

Consideration should also be given to smarter methods of accessing data by employees in order to reduce management time and costs in dealing with requests. Smarter use of technology could assist this process. Of course, it is imperative that commercial and confidentiality aspects are taken into account in determining what form and to what extent access is permitted.

Small businesses would be well advised to designate an individual with specific responsibility for ensuring compliance with the GDPR.

In summary businesses of all sizes will have to consider very carefully what personal data is being processed from the cradle to grave in terms of employment and devise and implement smart policies and procedures to ensure compliance.

Of course having policies and procedures in place is only part of the equation and ongoing compliance will have to be monitored and promoted internally.

If you would like to discuss the implications of GDPR for employers please contact Alan Strain.

Disclaimer 
The matter in this publication is based on our current understanding of the law.  The information provides only an overview of the law in force at the date hereof and has been produced for general information purposes only. Professional advice should always be sought before taking any action in reliance of the information. Accordingly, Davidson Chalmers LLP does not take any responsibility for losses incurred by any person through acting or failing to act on the basis of anything contained in this publication.