Time to look at your HR policies

By Kimberley Barrett-St Vall, employment and HR partner at Napthens Solicitors.

The EU’s General Data Protection Regulations will make changes to the Data Protection Act 1998. Breaching the GDPR can have significant fines of up to €20m euros or 4 per cent of the global turnover.

Businesses will benefit from adopting a holistic approach to GDPR compliance across their entire organisation, factoring in IT systems, cyber security, marketing as well as HR and employment law issues.

In this article I’m taking a closer look at the part HR will have to play in GDPR compliance:

Recruitment

Your business will be under an obligation under the GDPR to provide greater detail to candidates setting out:
  • details of the data controller
  • the category of data being processed
  • the legal basis of processing
  • the recipient
  • the processor’s details
  • if the data is to be transferred outside the EEA
  • the consequences on the employee of not providing the information on the contract
If as part of your recruitment process your business uses any form of profiling, candidates must be made aware of this and its consequences.

Employers should only collect the minimum amount of information for a specific purpose and ensure the data is stored for no longer than necessary. Access should be restricted in consideration of what is necessary.

Processing Employee Data

It is common practice for employers to use the employee’s consent as the basis of processing personal data. Even prior to the GDPR this approach was criticised, as it is questionable whether consent can be given “freely in an informed fashion and specific and explicit”, given it is often conditional on the offer of employment.

Going forward you should rely on the legal basis for processing employee personal data. Businesses must ensure processing is based on one of the following:
  1. for compliance of a legal obligation e.g. payroll processing data to ensure the employee is paid
  2. for the performance of a contract e.g. processing data in the context of healthcare insurance provision
  3. based on a legitimate interest of the employer (or third party processor)
Data Subject Access Request

Post May 2018 there will be no fee to pay if employees make a data subject access request and requests must be dealt with in 30 days (currently 40). There is likely to be an increase in requests and it is important you understand how to handle these requests efficiently. The GDPR is clear - it requires employers to demonstrate compliance. I suggest this involves more than a tickbox exercise and rather a change in culture with a commitment to embrace the GDPR. Given your Data Protection Officer cannot be everywhere at all times, cascading understanding and awareness through new policies and procedures and support through training for your employees will be vital.

Enjoyed this? Read more from Lancashire Business View

Latest news

1

Morecambe shortlisted in National Visa Awards celebrating the UK’s thriving towns David Waddington and John O'Neill

Morecambe shortlisted in National Visa Awards celebrating the UK’s thriving towns

04 Jul 2025

2

County council sets out 'areas of focus for 2025-26 in document Coun Stephen Atkinson

County council sets out 'areas of focus for 2025-26 in document

04 Jul 2025

3

Warden Construction completes project to help Preston school double pupil numbers Warden Construction completes project to help Preston school double pupil numbers

Warden Construction completes project to help Preston school double pupil numbers

04 Jul 2025

4

Grant Thornton advises RJ Power Networks on sale to Ipsum Jamie Roberts

Grant Thornton advises RJ Power Networks on sale to Ipsum

04 Jul 2025

5

College principal resigns Karen Buchanan

College principal resigns

04 Jul 2025

Background image for hub sign up block

LBV Hub

Leverage Lancashire Business View platforms

Post your news
Post your events
Post your offers
Build your network
Improve your SEO
Gain coverage in the magazine
Sign-up
Events
LBV123 July/August Launch Event
Lancashire Business View magazine launch
Networking
16 Jul 2025

LBV123 July/August Launch Event

Burnley

08:30 - 10:30

Lancashire Built Environment Conference 2025
BEC 315 X 315 Px
Networking
25 Sep 2025

Lancashire Built Environment Conference 2025

Blackpool Football Club, Blackpool, FY1 6HX

08:30 - 13:00

CMI Level 5 Management and Leadership Course
UCLanAerialCampus.jpg.jpg
LBV Hub Seminars
21 Feb 2025 - 21 Feb 2026

CMI Level 5 Management and Leadership Course

Preston Campus, Preston , PR1 2HE

09:00 - 17:00

CMI Level 5 Project Management Course
UCLanAerialCampus.jpg.jpg
LBV Hub Seminars
21 Feb 2025 - 21 Feb 2026

CMI Level 5 Project Management Course

Preston Campus, Preston, PR1 2HE

08:00 - 17:00

Tri-Site Survey Equipment Showcase
unnamed (2).jpg.jpg
LBV Hub Seminars
09 Jul 2025 - 09 Jul 2025

Tri-Site Survey Equipment Showcase

Crow Wood Hotel, Burnley, BB12 0RT

09:30 - 16:00

Blackburn Cathedral hosts Champagne and Diamonds Event with Ainsworth Jewellers
Champagne-Jewellery 10 07 25_page-0001.jpg.jpg
LBV Hub Awards
10 Jul 2025 - 10 Jul 2025

Blackburn Cathedral hosts Champagne and Diamonds Event with Ainsworth Jewellers

Blackburn Cathedral, Blackburn, BB1 5AA

18:00 - 20:30

Choose Chorley for Business - Talent Reimagined Business Breakfast
talentreimaginedbb.png.png
LBV Hub Seminars
10 Jul 2025 - 10 Jul 2025

Choose Chorley for Business - Talent Reimagined Business Breakfast

Strawberry Fields Digital Hub, Chorley, PR71PS

08:00 - 10:30

Shaping Preston's future by remembering its past
1750160034867.png.png
LBV Hub Networking
16 Jul 2025 - 16 Jul 2025

Shaping Preston's future by remembering its past

Society1, Coworking Space, Preston, PR1 3LT

18:00 - 20:30

Chamber Summer BBQ
LBV Hub Social
17 Jul 2025 - 17 Jul 2025

Chamber Summer BBQ

The Borough, Dalton Square, Lancaster, LA1 1PP

17:30 - 20:00

Preston Tech Connection: Web3 is Dead. Or is It?
July Longer Banner.jpg.jpg
LBV Hub Networking
29 Jul 2025 - 29 Jul 2025

Preston Tech Connection: Web3 is Dead. Or is It?

Society1, Coworking Space, Preston, PR1 3LT

18:00 - 19:30

Preston Freelancer Meet-Up: July
Longer July Banner.jpg.jpg
LBV Hub Networking
31 Jul 2025 - 31 Jul 2025

Preston Freelancer Meet-Up: July

Society1, Coworking Space, Preston, PR1 3LT

10:00 - 11:30

Cumbria Business Expo 2025
https---cdn.evbuc.com-images-880461633-4862066883-1-original.20241022-110415.jpeg.jpg
LBV Hub Exhibitions
19 Sep 2025 - 19 Sep 2025

Cumbria Business Expo 2025

Carlisle Racecourse, Carlisle, CA2 4TS

09:00 - 15:00

Advertise with us

Reaching 50,000 members, our print, digital and event platforms offer a fantastic way to raise your business profile and help you grow.

Find out more LBV122 Online Graphic
Subscribe now

Weekly news bulletin