June 15

Employers should embrace the 2018 World Cup…..!

Employers should embrace the 2018 World Cup…….!

The 2018 World Cup gets underway this week and should be an opportunity to generate a good feeling in the workplace and boost staff morale, wellbeing and productivity rather than focussing on how to prevent ‘sickies!’

There are 63 matches across the tournament, and whilst the first of the England games take place outside of the ‘traditional’ working day of nine-to-five and at weekends, fans that support different teams may of course be keen to see their own matches which may take place during work time.

In addition, England fans may want to watch other big games which may also be played during the working day.

Equally, as the games take place in different Russian time zones, there is a mixture of starting times. Weekend and shift workers may also be on the roster when their team’s game is being shown.

England’s games in the first stage of 2018 World Cup are as follows:

Monday 18th June England v Tunisia
Thursday 28th June England v Belgium
Sunday 24th June England v Panama

Kick-off time for both weekday games is 7pm.

The concern is that staff sick days and unscheduled absences are likely to rise on or around these days, as staff take their seats in front of the TV to watch England play live.

The best employers will be those that take a proactive approach to these events as follows:

· Create temporary flexible working for the duration of the tournament
· Allow late starting or early finishing on match days
· Stage World Cup events in the office by setting up screens to show the matches
· Run a sweepstake to ensure all staff feel involved
· Plan in advance how to respond to multiple and last minute holiday requests!
· Allow employees to watch lunch time matches and then stay late to make up time
· Allow employees to listen or watch games online on work devices
· Permit the streaming of games on employees’ own mobile devices

If you have a diverse workforce, make sure any temporary flexible arrangements are also available to them to watch their own national team play in the World Cup.

Taking positive steps to manage the workplace impact of the World Cup can have a beneficial effect on employee relations. As well as allowing staff to watch matches, employers could:

· put up special decorations in the office, such as flags of the countries involved;
· relax dress codes, including allowing football shirts to be worn; and
· provide refreshments during games.

Giving staff the opportunity to watch or celebrate major events is a really great way of engaging and motivating the whole team!!

June 5

Annual appraisals – positive or pointless….?

The appraisal system is frequently a source of frustration for all concerned, be that HR professionals, managers or employees, many of whom view it as a box ticking exercise with no meaningful or positive outcome. In many organisations, this is not far from the truth.

However, an appraisal system, with careful planning, conduct and follow-up, can lead to positive results: an employee’s performance, efficiency and motivation can increase, and inevitably their employer will feel the benefit in terms of improved output. The key aim is to ensure that appraisals support performance rather than focus on the negative.

Legally speaking

Unfortunately, many managers shy away from difficult conversations, leading to little or no discussion of any problems with employees. Appraisal scores are then awarded in a similar, noncommittal basis making the whole process meaningless.

There’s no legal requirement for employees to be appraised. However, fairly dismissing an employee for poor performance without formal appraisals will be difficult, as the issues are unlikely to have been documented. Indeed, the employee may be oblivious of their shortcomings (and therefore not have been given an opportunity to address them). Similarly, appraisal scores can be useful tools in redundancy selection processes, but if everyone has similar scores then their value is minimal.

Annual or ongoing appraisals?

An annual appraisal has been likened to throwing darts at a dartboard blindfolded, and only being shown your score 12 months later. Both positive and negative experiences will have faded, and the opportunity to learn from mistakes or to capitalise on successes may have been lost.

In recent years there has been an increasing trend for businesses to move away from the traditional annual appraisal to a process of ongoing performance review or “mini” appraisals throughout the course of the year. An ongoing process can be more manageable and meaningful for all concerned.

Training

To maximise the benefits of the appraisal process, it’s vital that both employees and managers participate fully (many employees view it as one sided), and that they understand what they are doing, why and how. Often there is an incorrect assumption that a manager – simply because they are a manager – will know how to conduct an appraisal. Training can help them to understand their role and how to get the best from the process.

Preparation

Appraisals often focus on the negatives. If employees and managers prepare beforehand (with the employee completing a self-assessment and the manager completing a pre-appraisal form) this can provide a structure, allowing the highs – as well as the lows – of the employee’s performance to be discussed.

Conducting an appraisal

During appraisals it’s important to consider whether the employee has met their targets, but it’s equally key to explore how the employee has met those targets – what skills have they used and how can they be improved?
Remembering that the appraisal is a two-way process, and allowing the employee a full opportunity to have their say is vital.

After the Appraisal

Too often, everyone breathes a sigh of relief after the appraisal, and the forms get filed neatly away. Yet the real value in appraisals is setting a path for the future and helping the employee to progress. This is where the “mini” or ongoing appraisal system can be particularly helpful.

Ideally, the employee and manager should agree on a small number of specific, unambiguous, action points (three to five objectives is ideal), which are followed up periodically throughout the year.

For help devising your appraisal form or process, or if you are considering using an external person to conduct your appraisals, please get in touch with Nicola on 07917 878384 or nicola.goodridge@goodhr.co.uk

May 11

Employers…how to stay in line with GDPR when recruiting…..

During your recruitment process it is essential that you handle job applicant data in accordance with the strict new rules under the GDPR. The GDPR demands certain requirements as to the transparency about the processing and the communication with the job applicant.

This can be communicated in a privacy statement tailored specifically for job applicants.

Which requirements need to be met by a privacy statement?

A privacy statement must have the following characteristics:
• concise
• transparent
• easy to understand
• easy to access

These requirements should ensure that the candidate knows exactly where (s)he stands according to the protection of his or her data.

Additional and more specific requirements may apply, depending on the way data is being collected:

• Direct data collection is when the candidate inserts his data himself, for example via an application form.
• Indirect data collection is when a recruiter takes data, for example, from a candidate’s LinkedIn profile.

Direct processing of personal data

When data is being collected directly from the candidate, the privacy statement needs to be provided before or at the moment the data is being transferred. You can manage this by inserting a link to the privacy statement in the application form.

The privacy statement should at least contain the following information:

• the data processor’s identity and contact information
• the goal and legal foundation for the processing
• the data processor’s legitimate interest
• the possible recipients (or categories of recipients) of the personal data
• information regarding the forwarding of personal data to a third country (outside the EU), if that’s the case
• the storage period or the criteria that are being used to determine the storage period
• the person concerned needs to be informed about his/her rights
• the person concerned needs to be informed about his/her right to withdraw his/her approval for the processing of data
• the person concerned needs to be informed that he/she has the right to file a complaint
• it needs to be declared if automated decisions will be made

Indirect processing of personalised data

If data is collected indirectly, for example via LinkedIn, the same requirements as illustrated above apply. Additionally, it needs to be indicated which type of data (category) were processed and which source has been used.

If the personal data are being processed with the goal to communicate with the person concerned, this information needs to be provided at the moment of the first contact.
Also, if the personal data is being forwarded to third parties, the person concerned needs to be informed, at the latest when the data is being shared with third parties.

Identity and contact information

Both the identity and the contact information of the person who is in charge of the data processing need to be stated in the privacy statement.

Legal basis of the processing

In order to process personal data, there needs to be a legal basis for the processing. The following mentioned requirements need to be fulfilled:

• the person concerned has given their approval for the data processing
• the processing is necessary for the execution of a contract
• the processing is necessary for the data processor’s compliance with legal obligations
• the processing is needed for the protection of the parties’ vital interests
• the processing is necessary for the execution of a task
• the processing is necessary to comply with the legitimate interests of the person in charge of the processing

Storage period

Personal data may not be stored any longer than for the sole purpose of the collection. In general, data collected during the recruitment process should be deleted as soon as it becomes clear that the candidate won’t be hired.

If you want to store the candidate’s data for future offers, you need to inform them beforehand and be ready to delete it if they change their mind.

If you would like a privacy statement for the purposes of recruitment, please email me nicola.goodridge@goodhr.co.uk or call me on 07917 878384.

May 2

Can an employer dismiss an employee due to long term sickness?

It’s a common thought that employers are expected to keep a sick employee’s job open indefinitely. However this is not the case – although it is necessary to follow a fair procedure to manage a long term absence situation. If you proceed towards a dismissal you will potentially have to show that the dismissal was justified and fair after properly exploring all the options open to you.

What to consider when terminating employment on the grounds of ill health

An employment tribunal will consider if you have followed an appropriate procedure and would suggest you do the following before considering dismissal on grounds of ill health:
• Ensure the absence has been dealt with in accordance with your absence and capability policy
• Keep in touch with the employee regarding their condition and their prospects of a return to work.
• With the staff member’s permission, commission a report from an occupational health practitioner.
• In conjunction with occupational health guidance, formally review the role and the individual’s capability and decide whether adjustments can be made.
• Consider whether there is another job available in the company which the employee could do.
• Consider whether the job can be done part-time with recruitment if necessary.
• Assess the information available and determine whether the employee’s return to work can be facilitated.
• If a partial return to work can be considered, develop an “induction” or phased–in process.
• Keep in contact after a return.

Alternatively, after following the guidance above, in the event that no return to work date is foreseeable or suitable alternative employment cannot be found or reasonable adjustments or modifications to the workplace are not practical or possible, termination on grounds of ill health may result.

An important case in 2017 helpfully made the following points for employers to use when deciding whether to, and how to, fairly dismiss on the grounds of ill health:

• It is not necessarily unfair for an employer to decide that the time has come to dismiss an employee who has been absent for over 12 months with no certainty as to when the employee will be able to return. While an employee can easily advance the argument “give me a little more time and I am sure I will recover”, there comes a time when an employer is entitled to some finality.

• The severity of the impact on the employer of an employee’s continued absence must be a significant element when determining the point at which dismissal becomes justified. A tribunal considering a long-term sickness absence dismissal will expect some evidence of the disruption to the business, although in some cases the impact will be so obviously severe that a general statement from the employer to that effect will suffice.

• It is important that the medical evidence upon which a decision is being made is up to date. Repeated reports may have to be gained through the period of the illness or injury to ensure that changes in the prognosis are taken into account.

Importantly, the Court made it clear that employers are not expected to wait forever for an employee to recover from illness.

However, the court warned employers that, when balancing whether the time has come to dismiss, the employer needs to have considered the disruption to the business that the absence is causing. It is therefore a good idea for the employer to have a written record of the issues that are being caused, for example who has been brought in to cover the work, or what extra work colleagues are doing because of the absence.

Always seek advice before terminating on grounds of ill health as each case will turn on its facts.

Please call me on 07917 878384 or email me nicola.goodridge@goodhr.co.uk if you need advice.

April 27

How to fairly and legally engage an intern this summer…..

Relevant work experience has become an essential part of getting a graduate job. Whilst many internships are paid, very many unpaid internships are still offered (largely in the media, charity and fashion sectors). The government is now cracking down on these exploitative unpaid internships and is directing HMRC to enforce at least minimum wage where interns are classed as workers (rather than genuine volunteers), regardless of experience or length of internship.

There are already laws in place to prevent many types of unpaid work experience, but they include some grey areas. Hopefully the following will clarify the position.

Are unpaid internships illegal?

Under the existing laws it is illegal for employers not to pay their workers and in many cases this includes interns, whether they are students or graduates. However, employers don’t have to pay their interns if the nature of their time spent at the employer can be defined in certain ways. This is why you need to know your rights before starting any kind of internship or work experience.

By law, employers have to pay their interns the national minimum wage if:
• the placement is likely to lead to an offer of permanent, paid work
• the employer is obliged to give them work to do, and they are obliged to do it
• it is real work of the sort a paid employee or contractor would be asked to do
• the business is relying on their specific skills in the tasks they undertake
• they cannot come and go as they please
• thus they are classed as a ‘worker’

By law, employers do not have to pay their interns the national minimum wage if:
• the intern is required to do an internship as part of a UK-based higher education course
• the intern is working for a charity or voluntary organisation and is receiving limited expenses, such as for food and travel
• the intern is only work-shadowing – they are observing an employee and not carrying out any work themselves.

What’s wrong with unpaid internships?

Firstly, they are seen as exploitative. It’s unfair for an employer to profit from an intern’s work when the intern isn’t paid for it – someone working for them under any other circumstances would be. The employer is getting something for free and could be seen as taking advantage of a student or graduate’s eagerness to get experience in that field of work. For graduate interns, in particular, a long unpaid internship could be regarded as a way of having someone do a graduate job without paying them for it.

Secondly, unpaid internships are a barrier to social mobility. Students and graduates from wealthier backgrounds can take part in, and benefit from, unpaid internships, while many others simply cannot afford to. Research published by The Sutton Trust in 2018 estimated that the minimum monthly cost of doing an unpaid internship, taking into account rent, bills, travel and other livings costs, was £1,019 in London and £827 in Manchester.

What makes a good internship?

The best internships are paid, but they also meet other criteria.
• Interns should be recruited through an open advert, in the same way as other employees
• Interns should be given as much responsibility and diversity in their work as possible
• Interns should have a proper induction
• A specific individual should be allocated to supervise interns, mentor them, and conduct a formal performance review to evaluate the success of their time with the organisation
• A reference should be provided on completion of the internship

Documentation

Whether you are engaging a volunteer or a paid intern, an agreement should be drawn up between the parties.

Please call me on 07917 878384 or email me nicola.goodridge@goodhr.co.uk if you would like either or both.

March 1

It’s snowing….can I refuse to go to work?

It looks stunning!! But the heavy snow affecting large swathes of the UK is making it tough for many people to get to work.

What are your rights if you can’t make it into work?

Will I still get paid?

In most cases you’re not automatically entitled to pay if you are unable to get to work because of travel disruption or bad weather. But, if your employer normally provides your travel to work and this has been cancelled because of the bad weather then you should still be paid.

Some jobs may also have a specific clause written into their contracts, or have a collective agreement in place, that an employer will pay you if you cannot get to work due to circumstances beyond your control.

Some employers might also make discretionary, informal arrangements, like allowing you to work from home or agreeing that you will be paid but you need to make up the missed time at a later date. But it is important to remember they are not obliged to do this.

Can my employer force me to take a day off as holiday?

Yes your employer can ask you to take a day of paid holiday but only if they give you sufficient warning. The law states that you must be given a warning period of “at least” double the length of annual leave which you are being asked to take.

So, if your employer wants you to take one day’s annual leave, for example, they would need to give you two days’ notice.

What if my workplace is closed?

In these circumstances, you are entitled to be paid and your employer cannot require you to take the time as annual leave.

However, your employer can still ask you to work from home, or ask you to go to another workplace that is open if the business has one.

My child’s school is closed due to snow, can I take the day off?

Employees have the right to take unpaid time off to deal with emergency situations for their children or other dependents and a school being shut at short notice is likely to be considered an emergency.

Strictly, the day would be unpaid but not all employers would take this approach. It maybe that you can work from home. It maybe that you agree to take the day as annual leave so you do not miss out on pay.

My office is freezing – can I go home?

A minimum temperature of 16C is recommended for offices where the work is deskbound and fairly sedentary. If the work requires physical effort, the minimum recommended temperature is 13C.

These temperatures are not a legal requirement but your employer has a duty to provide a “reasonable” temperature in the workplace.

If low temperatures make it unsafe for workers, then you should be allowed to wear warmer clothing, take extra breaks to make hot drinks and also be allowed to bring in extra heating options such as portable heaters.

However, if you’re vulnerable in any way, for example are pregnant, then you may be sent home to protect your health, and this would usually be on full pay.

Call me on 07917 878384 or email me nicola.goodridge@goodhr.co.uk if you need help!

February 6

Are you prepared for GDPR? GoodHR can help with the documents you need……………

On 25th May 2018, Europe’s data protection rules will undergo their biggest change in two decades. Since they were created in the 90s, the amount of digital information we create, capture, and store has vastly increased. Simply put, the old regime was no longer fit for purpose.

There is a lot of “scaremongering” around the potential impact for businesses, but for those businesses and organisations already complying with existing data protection laws the new regulation is only a “step change”.

Many of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act. For businesses already complying with the current data protection law, it’s highly likely they will be meeting many of the GDPR principles.

The differences, however, are……

* The need for consent underpins GDPR. Individuals must opt-in whenever data is collected and there must be clear privacy notices. Those notices must be concise and transparent, and consent must be able to be withdrawn at any time.

* Accountability is key. Businesses and organisations must be able to demonstrate they comply with the GDPR principles which means being more accountable for their handling of people’s personal information. Crucially, it is the businesses’ responsibility to ensure compliance. Mandatory activities to demonstrate compliance include:

o Staff training
o Internal audits of data processing activities
o Internal HR reviews
o Appoint a data protection officer (if over 250 employees)
o Maintain all documentation
o Meet all the principles of data protection
o Implement Protection Impact Assessments

* Under the GDPR the right for businesses to charge £10 if an individual wants to access information held about them is being scrapped. Requests for personal information can be made free-of-charge. When someone asks a business for their data, it must produce the information within one month.

* The GDPR also gives individuals the power to get their personal data erased in some circumstances. This includes where it is no longer necessary for the purpose it was collected, if consent is withdrawn, there’s no legitimate interest, and if it was unlawfully processed.

* One of the biggest, and most talked about, elements of the GDPR is the power for regulators to fine businesses that don’t comply with it. If an organisation doesn’t process an individual’s data in the correct way, if it requires and doesn’t have a data protection officer or if there’s a security breach, it can be fined.

25th May will be here very quickly!

I can help you produce the following:

1. A privacy notice for employees, workers and contractors that notifies them about the personal data that the employer holds relating to them, how they can expect their personal data to be used and for what purposes.

2. A memorandum to a board of directors outlining the key issues concerning the GDPR, the need for a company-wide programme addressing these issues and what this programme needs to include.

3. A privacy standard (previously, a data protection policy) setting out the principles and legal conditions that organisations must satisfy when obtaining, handling, processing, transporting or storing personal data in the course of their operations and activities.

Call me on 07917 878384 or email me nicola.goodridge@goodhr.co.uk if you need help!

January 22

Five employment law developments to watch out for in 2018……

As ever, the year ahead sees a number of significant domestic employment law developments. A brief overview of them follows:

1. The General Data Protection Regulation (the GDPR) comes into effect

The GDPR which updates and harmonises data protection law across the EU, will come into effect on 25 May 2018 for all EU member states, including the UK.

Organisations need to be conducting data audits and policy reviews in the lead up to May, to ensure that their data protection practices are GDPR compliant. Many employers will need to issue new or updated privacy notices to employees and job applicants, outlining what data they collect and how the data is used.

Employers will also be conducting third-party contract reviews where they outsource data processing, for example to payroll and benefit providers, or to recruitment or consulting services.

Developing and implementing a GDPR compliance programme can be a resource-heavy undertaking. Accordingly, employers are encouraged to risk assess their compliance gaps and address the issues that pose the most significant risks first.

2. First gender pay gap reporting deadline

Private and voluntary-sector employers with 250 or more employees have until 4 April 2018 to publish their first gender pay gap report.

The reports will cover pay data from 2016 to 2017, including the differences in mean pay, median pay, mean bonus pay and median bonus pay between male and female employees. Reports also have to set out the proportion of male and female employees in the pay quartiles of an organisation and the proportion of male and female employees who received bonus pay.

Employers must post their reports on their own website and on a Government website.

As has been seen this week with the BBC, despite equal pay legislation coming into effect over 40 years ago, this is still a live issue and one that should be addressed by all employers, regardless of how many staff they have, as a matter of good practice.

3. Minimum wage rates increase

The national living wage for workers aged 25 and over will increase to £7.83 per hour on 1 April 2018.

Other national minimum wage rates will also increase, with rates rising to £7.38 per hour for workers aged 21 to 24, to £5.90 per hour for workers aged 18 to 20 and to £4.20 for workers aged 18 who are no longer of compulsory school age.

4. Statutory family pay amounts uprated

The weekly amount for statutory family pay rates will increase to £145.18 on 1 April 2018. This rate will apply to maternity, adoption, paternity and shared parental pay and maternity allowance.

5. Brexit preparations

The Government’s initial agreement with the European Commission contained terms that protect the rights of EU citizens who currently reside in the UK to live, work and study in the UK following Brexit.

The announcement provides employers with more certainty as they continue to develop their contingency plans around Brexit. The agreement does not relate to the ability of new EU workers to migrate to the UK to work after Brexit. Employers in sectors that rely on considerable inflows of European workers still need to wait for confirmation of immigration arrangements following withdrawal from the EU.

For further detail or assistance with any of the above please get in touch with me at nicola.goodridge@goodhr.co.uk

December 21

Managing Christmas in the workplace…

1. What should employers do to prepare for the festive season?

Issue a statement to employees in advance of a Christmas party (or similar work-related event) to remind employees of conduct matters, including the dangers of excess alcohol consumption, and behaviours that could be viewed as harassment.

2. Do employers really need to be proactive on behaviour on workplace social events?

Yes, because employers have a duty of care towards staff, and as a matter of good practice.

The Equality Act 2010 makes employers liable for acts of discrimination, harassment and victimisation carried out by their employees in the course of employment, unless they can show that they took reasonable steps to prevent such acts.

3. Is an employer responsible for what happens at a Christmas party?

It is safe to assume that an employer will be liable for an employee’s behaviour even if it is during an office party. In a recent case a police officer complained of sexual harassment by work colleagues in a pub outside working hours. The tribunal held that social events away from the police station involving officers from work either immediately after work, or for an organised party, fell within the “course of employment” and thus the employer was liable.

4. Can employees be disciplined for misconduct after a Christmas party?

Yes, if the incident is sufficiently closely connected to work to have had an impact on the working situation. A tribunal recently held that the employer was found to have fairly dismissed an employee for a brawl after the end of a Christmas party.

5. What should an employer do where more than one employee is involved in the same incident?

Where the circumstances are truly parallel, employees must generally be treated the same. Establishing “who is to blame”, however, can be difficult where memories are blurred by alcohol and the evidence is unclear.

In a case involving two zoo keepers who got into a fight at London Zoo’s Christmas party, one was dismissed and the other was issued with a final written warning. Given the lack of clear evidence as to who started the fight, the employment tribunal found the dismissal to be unfair. The tribunal held that the employer could have legitimately dismissed them both, or issued both with final written warnings.

6. Can employers compel their employees to work overtime in the run-up to Christmas?

If the contract of employment includes a clause requiring an employee to work overtime when required, then it will generally be reasonable to take disciplinary action if an employee refuses to do so.

In one case, an employee of a small food company was dismissed for gross misconduct, having refused to work overtime during the company’s busiest period, despite a clause in her contract requiring her to work extra hours when required.

An employment tribunal found the dismissal to be fair and within the “range of reasonable responses”, not least because the consequences for the employer’s business of not dismissing her could have been “disastrous”.

7. Can an employee insist on taking holidays during the Christmas period?

No. In the absence of an agreement to the contrary, workers must give notice equal to twice the length of the holiday that they wish to take.

The employer can then give counter notice requiring that the leave not be taken, so long as this counter notice is equivalent to the length of the holiday requested, and the worker is not prevented from taking the leave to which he or she is entitled in that holiday year.

Where an employee has accrued untaken leave and gives reasonable notice to the employer to take the leave, the employer must have valid business reasons for refusing the employee’s request to take leave.

Where an employee insists on taking leave and does so without approval, the employer should approach the issue sensibly and be careful not to impose a disproportionate penalty on the employee. In a recent case an employee who was dismissed for failing to attend work without permission on Christmas Eve was found to have been unfairly dismissed by an employment tribunal – the dismissal was not a proportionate response.

8. What if an employee comes to work late, or not at all, the day after the Christmas party?

An employer can make deductions from employees’ pay if they turn up for work late the morning after the company Christmas party as long as the right to make deductions from wages for unauthorised absence is reserved in the employment contract.

If disciplinary action is to be taken for lateness or non-attendance after the Christmas party, employers should ensure that staff are informed that this is a possibility in the disciplinary policy.
Where an employee does not attend due to illness, the employer should follow its sickness absence procedures.

The retailer, Argos, reportedly offered an attendance allowance to encourage its staff not to take time off sick! This may be attractive but care needs to be taken as such an allowance carries the serious risk of an indirect disability discrimination complaint that may be difficult to justify.

9. Can employers require employees to take annual leave during the Christmas period?

Yes. For those businesses that close over the Christmas period, employers will need to put in the contract a clause requiring workers to take annual leave at that time.

10. What if travel disruption delays an employee returning to work following the Christmas break?

This can be a common issue, particularly given planned strike action on rail services over the Christmas period.

While there is no obligation to pay employees who fail to attend work due to public transport issues, many employers will want to offer flexibility and alternative options – ie. if the role is suitable, technology may allow the employee to work from home or from another location. Alternatively, the employer could require the employee to make up the time later or take the time as paid annual leave.

December 21

What are the General Data Protection Regulations (GDPR)……employers take note!

Despite Brexit, the UK will implement the General Data Protection Regulations (GDPR) when it comes into force on 25 May 2018. There are significant changes employers need to be aware of – including a new penalty regime.

The GDPR harmonises data protection laws across the EU and updates the current 20-year-old regime to take account of globalisation and the ever-changing technology landscape.

An overview of the GDPR

It will apply not only to EU companies, but to any company processing the personal data of individuals in the EU in relation to offering goods or services, or to monitoring their behaviour.

Significant penalties can be imposed on employers that breach the GDPR, including fines of up to €20 million or 4% of annual worldwide turnover, whichever is greater.

The level of fine will depend on the type of breach and any mitigating factors, but they are undoubtedly meant to penalise any employer’s disregard for the GDPR.

The current statutory timeframe of 40 days to comply with a subject access request for data will be abolished and replaced with an obligation on employers to ‘comply without undue delay’ and at the latest within one month of the request. The removal of the 40 day period will make the employer’s duty to comply more onerous meaning policies and procedures will need to be updated and staff trained to ensure compliance with the new timeframes.

More detailed privacy notices

Under the current law, employers are required to provide employees and job applicants with a privacy notice setting out certain information – ie. some or all of the ways the employer gathers, uses, discloses and manages an individual’s data.

Under the GDPR, employers will need to provide more detailed information, such as:
· how long data will be stored for;
· if data will be transferred to other countries;
· information on the right to make a subject access request; and
· information on the right to have personal data deleted or rectified in certain instances.

Restrictions to consent

Currently, many employers justify processing personal data on the basis of employee consent. This approach has been increasingly criticised because there is doubt as to whether or not consent is actually given freely in the subordinate employer-employee relationship.

There are more prescriptive requirements for obtaining consent under the GDPR and employees must be able to withdraw their consent at any time. This will make it harder for employers to rely on consent to justify processing. Instead, employers will generally need to rely on one of the other legal grounds to process personal data – ie. that it is necessary for the proper performance of the employment contract, in order to comply with a legal obligation, or for the purposes of the employer’s legitimate interests.

New breach notification requirement

The GDPR imposes a new mandatory breach reporting requirement. Where there has been a data breach (such as an accidental or unlawful loss, or disclosure of personal data), the employer will have to notify and provide certain information to the data protection authority within 72 hours. Where the breach poses a high risk to the rights and freedoms of the individuals, those individuals will also have to be notified.

Data protection officers

All public authorities and those private companies involved in regular monitoring or large-scale processing of sensitive data will need to appoint a data protection officer to:
· advise on GDPR obligations;
· monitor compliance; and
· liaise with the data protection authority.

How to prepare now

Co-operation and understanding of the new GDPR obligations across the business is critical and organisations will need HR, legal, IT and compliance teams to take a combined approach.

The most important steps for HR to take now include:

1. Carry out a data audit. Carefully assess current HR data and related processing activities and identify any gaps with the GDPR.

2. Review current privacy notices and update them to comply with the more detailed information requirements. All information provided must be easy for employees and job applicants to understand.

3. Assess the legal grounds for processing personal data. Where consent is currently relied on, check whether or not it meets GDPR requirements and remember that consent may be revoked at any time. Employers will generally need to rely on one of the other legal grounds to continue to process employee personal data.

4. Develop a data breach response programme to ensure prompt notification. Allocate responsibility to certain people to investigate and contain a breach, and make a report. Train employees to recognise and address data breaches, and put appropriate policies and procedures in place.

5. Determine whether or not a data protection officer must be appointed and, if so, think about how best to recruit, train and resource one.

OLDER OLDER 1 2 5 6