Time to look at your HR policies

By Kimberley Barrett-St Vall, employment and HR partner at Napthens Solicitors.

The EU’s General Data Protection Regulations will make changes to the Data Protection Act 1998. Breaching the GDPR can have significant fines of up to €20m euros or 4 per cent of the global turnover.

Businesses will benefit from adopting a holistic approach to GDPR compliance across their entire organisation, factoring in IT systems, cyber security, marketing as well as HR and employment law issues.

In this article I’m taking a closer look at the part HR will have to play in GDPR compliance:

Recruitment

Your business will be under an obligation under the GDPR to provide greater detail to candidates setting out:
  • details of the data controller
  • the category of data being processed
  • the legal basis of processing
  • the recipient
  • the processor’s details
  • if the data is to be transferred outside the EEA
  • the consequences on the employee of not providing the information on the contract
If as part of your recruitment process your business uses any form of profiling, candidates must be made aware of this and its consequences.

Employers should only collect the minimum amount of information for a specific purpose and ensure the data is stored for no longer than necessary. Access should be restricted in consideration of what is necessary.

Processing Employee Data

It is common practice for employers to use the employee’s consent as the basis of processing personal data. Even prior to the GDPR this approach was criticised, as it is questionable whether consent can be given “freely in an informed fashion and specific and explicit”, given it is often conditional on the offer of employment.

Going forward you should rely on the legal basis for processing employee personal data. Businesses must ensure processing is based on one of the following:
  1. for compliance of a legal obligation e.g. payroll processing data to ensure the employee is paid
  2. for the performance of a contract e.g. processing data in the context of healthcare insurance provision
  3. based on a legitimate interest of the employer (or third party processor)
Data Subject Access Request

Post May 2018 there will be no fee to pay if employees make a data subject access request and requests must be dealt with in 30 days (currently 40). There is likely to be an increase in requests and it is important you understand how to handle these requests efficiently. The GDPR is clear - it requires employers to demonstrate compliance. I suggest this involves more than a tickbox exercise and rather a change in culture with a commitment to embrace the GDPR. Given your Data Protection Officer cannot be everywhere at all times, cascading understanding and awareness through new policies and procedures and support through training for your employees will be vital.

Enjoyed this? Read more from Lancashire Business View

Latest news

1

Pleasure Beach Resort takes home four prizes at UK Theme Park Awards Pleasure Beach Resort’s David Hill, head of rides, and Stuart Cumming, marketing manager with the awards

Pleasure Beach Resort takes home four prizes at UK Theme Park Awards

18 Sep 2025

2

Brookhouse Aerospace invests more than £500k in additional machinery to support growth Brookhouse Aerospace machining facility

Brookhouse Aerospace invests more than £500k in additional machinery to support growth

18 Sep 2025

3

Growth Plan maps out £20bn-plus investment journey Mo Isap from the Lancashire Business Board with the plan

Growth Plan maps out £20bn-plus investment journey

18 Sep 2025

4

Post Office future secured as council explores new options Abington Street Post Office

Post Office future secured as council explores new options

17 Sep 2025

5

Airframe Designs supports new defence strategy with pledge to nurture talent Jerrod Hartley

Airframe Designs supports new defence strategy with pledge to nurture talent

17 Sep 2025

Background image for hub sign up block

LBV Hub

Leverage Lancashire Business View platforms

Post your news
Post your events
Post your offers
Build your network
Improve your SEO
Gain coverage in the magazine
Sign-up
Events
LBV124 September/October Launch Event
MBP Arc Cinema Preston Opening 205
Networking
18 Sep 2025

LBV124 September/October Launch Event

The Arc Cinema, Preston, PR1 2BL

08:30 - 10:30

CMI Level 5 Management and Leadership Course
UCLanAerialCampus.jpg.jpg
LBV Hub Seminars
21 Feb 2025 - 21 Feb 2026

CMI Level 5 Management and Leadership Course

Preston Campus, Preston , PR1 2HE

09:00 - 17:00

CMI Level 5 Project Management Course
UCLanAerialCampus.jpg.jpg
LBV Hub Seminars
21 Feb 2025 - 21 Feb 2026

CMI Level 5 Project Management Course

Preston Campus, Preston, PR1 2HE

08:00 - 17:00

Ladies Lunch
Lancs-cham-logo.jpg.jpg
LBV Hub Networking
18 Sep 2025 - 18 Sep 2025

Ladies Lunch

Lancaster Golf Club, Lancaster, LA2 0AJ

12:00 - 16:00

Cumbria Business Expo 2025
https---cdn.evbuc.com-images-880461633-4862066883-1-original.20241022-110415.jpeg.jpg
LBV Hub Exhibitions
19 Sep 2025 - 19 Sep 2025

Cumbria Business Expo 2025

Carlisle Racecourse, Carlisle, CA2 4TS

09:00 - 15:00

Preston Freelancer Meet-Up: September
Sept Freelancer (1).png.png
LBV Hub Networking
23 Sep 2025 - 23 Sep 2025

Preston Freelancer Meet-Up: September

Society1, Coworking Space, Preston, PR1 3LT

10:00 - 11:30

Your Business, Your Region: Making sense of devolution and Local Government Reorganisation
Chorley Council breakfast event new
LBV Hub Networking
23 Sep 2025 - 23 Sep 2025

Your Business, Your Region: Making sense of devolution and Local Government Reorganisation

Worden Hall, Leyland, PR25 3DH

08:00 - 11:00

Speed Networking with BNI
2.png.png
LBV Hub Networking
24 Sep 2025 - 24 Sep 2025

Speed Networking with BNI

Chorley Football Club, Chorley, PR7 3DU

16:00 - 19:00

Making Tax Digital for Income Tax Self Assessment (MTD for ITSA) drop-in day
MTD drop in session.jpg.jpg
LBV Hub Seminars
25 Sep 2025 - 25 Sep 2025

Making Tax Digital for Income Tax Self Assessment (MTD for ITSA) drop-in day

Making Tax Digital for Income Tax Self Assessment (MTD for ITSA) drop-in day, Blackburn, BB1 5QB

10:00 - 16:00

The Marketing Metrics That Matter – Sept 25
Metris 25.09.png.png
LBV Hub Seminars
25 Sep 2025 - 25 Sep 2025

The Marketing Metrics That Matter – Sept 25

Door4 Office, Burnley Wharf, Burnley, BB11 1JG

09:00 - 11:00

The Marketing Meetup IRL: Lancashire - September
TMM Lancashire
LBV Hub Networking
25 Sep 2025 - 25 Sep 2025

The Marketing Meetup IRL: Lancashire - September

Chorley, PR7 2SL

18:00 - 20:00

Help to grow management course
Help to grow - barriers to growth.png.png
LBV Hub Seminars
26 Sep 2025 - 16 Dec 2025

Help to grow management course

Preston Campus , Preston , PR1 2HE

09:00 - 15:00

Advertise with us

Reaching 50,000 members, our print, digital and event platforms offer a fantastic way to raise your business profile and help you grow.

Find out more LBV124 Online Graphic
Subscribe now

Weekly news bulletin