Data Protection

Key points

  • The General Data Protection Regulation comes into force on 25 May 2018.
  • Workers have legal right to access information that an employer may hold on them.
  • The Data Protection Act contains 8 principles that everyone responsible for using data has to follow.
  • All staff have a responsibility under the act to ensure that their activities comply with the Data Protection.
  • Data Protection applies when monitoring employee's telephone calls, emails and CCTV.
  • Employees who feel the organisation has misused information or hasn't kept it secure can contact the Information Commissioner's Office.

The European Union's GDPR (General Data Protection Regulation) comes into force in the UK on 25th May 2018. The GDPR will bring in stricter obligations that all employers must follow. The ICO (Information Commissioner's Office) has published an overview of the regulation and has a checklist of 12 steps you can take to get ready.

For more information, go to the ICO website.

Until May 25 2018, The Data Protection Act 1998 still applies. The Data Protection Act is concerned with respecting the rights of individuals when processing their personal information. This can be achieved by being open and honest with employees about the use of information about them and by following good data handling procedures. The act is mandatory and all organisations that hold or process personal data must comply.

The Data Protection Act contains 8 principles:

  • personal data should be processed fairly and lawfully
  • data should be obtained only for one or more specified and lawful purposes
  • the data should be adequate, relevant and not excessive
  • it should be accurate and where necessary kept up to date
  • any data should not be kept for longer than necessary
  • personal data should be processed in accordance with the individuals rights under the act
  • data should be kept secure
  • personal data should not be transferred outside the European Economic Areas unless the country offers adequate data protection.

All staff have a responsibilities under the Act to ensure that their activities comply with the Data Protection Principles. Line managers have responsibility for the type of personal data they collect and how they use it. Staff should not disclose personal data outside the organisation's procedures, or use personal data held on others for their own purposes.

Workers have a legal right to access information that an employer may hold on them. This could include information regarding any grievances or disciplinary action, or information obtained through monitoring processes. Arrangements should be in place to deal with requests as a 40 day time limit is stipulated. Information can be withheld if releasing it would make it more difficult to detect crime or the information is about national security. If an employee feels the organisation has misused information or hasn't kept it secure they can contact the Information Commissioner's Office.

Monitoring employees - CCTV, telephone calls, emails

The Data Protection Act will apply if employers are monitoring employees; for example to detect crime or excessive private use of e-mails, internet use etc. However, the act requires that workers should be aware of the nature and reason for any monitoring.

Health Information

Employers can seek to collect information regarding an employee's health if the employee freely gives consent. Employers should consider why they need the information and exactly what information is needed. This information once collected should be held securely, this could be allowing only one or two people access to the information or by password protecting it. Employers should check that the information collected can be justified.

Acas training - did you know?

Acas run practical training courses to equip managers, supervisors and HR professionals with the necessary skills to deal with employment relations issues and to create more productive workplace environments.

Try Acas Helpline Online

This automated system learns from your questions and, as more people use it, will get better at providing the most relevant answer to your query. We will be tracking any un-answered questions and, in each case, considering whether to add them to the system to help it fit your needs as closely as possible.

Ask a question

Q and A

Popular questions

Do you have a question?

Ask Helpline Online