GDPR Countdown Week 10: Privacy Notices (10 weeks to go)
12 Week Countdown to GDPR continues…
An important part of our first two updates related to the need to know what data you (as an employer) have/receive and what you do with it.
Under GDPR you will be required to inform data subjects of what you will do with their data upon receipt or within a month of receipt. You will do this through Privacy Notices and there are specific issues you will have to address.
Receipt of personal data can occur at any time but our advice to employers is to get systems in place to ensure that Privacy Notices (or at least links to them) are sent to data subjects at the times you normally receive personal data. The main two situations for employers are:
- Applicants for employment/engagement; and
- New starting employees.
Applicants will usually complete an application form and provide a CV, both of which are likely to include personal data such as names, addresses, telephone numbers and nationality.
New starters will have to provide you with the same data above as well as other information such as bank account details, National Insurance numbers, Right to Work documentation and often medical information establishing fitness to work.
Both these situations will need Privacy Notices setting out issues such as:
- the identity and contact details of the Data Controller
- the legal basis for processing
- the categories of personal data being processed (if received from a third party)
- who will receive/have access to the data
- length of time the data will be stored
- data subject rights
The audit referred to in our first update email will assist the compilation of these notices.
Should you require any guidance on this issue, please do not hesitate to contact firstname.lastname@example.org or your normal Weightmans contact.