From 25 May 2018, the General Data Protection Regulation (GDPR), which aims to harmonise data protection laws across the EU, will be implemented. There will be significant penalties for breaches, potentially up to €20 million or 4% of a company's annual worldwide turnover. However, the level of fine will undoubtedly depend on the type of breach and any mitigating factors.
Whilst currently employers are required to provide certain information to employees and job applicants, under the GDPR, employers will also need to provide the following:
- how long data will be stored for
- if data will be transferred to other countries
- information on the right to make a subject access request
- information on the right to have personal data deleted or rectified in certain instances.
Now is the time to be undertaking data audits to see what information you hold and what you will be processing, as well as revising your employment contracts, policies and processes to ensure that you are compliant and that you have obtained the necessary consent.