Thank you for contacting us.
We will get back to you as soon as possible.

Contact us


You acknowledge that by submitting your details via this page, you consent to us processing your personal data in accordance with our privacy policy.

GDPR: the clock is ticking!

GDPR: the clock is ticking!

25th May is fast approaching and GDPR will then really be here!

Employers have been losing sleep over this new legislation but maybe they have been overreacting.  Yes, the law is changing but in an evolutionary rather than revolutionary way. The key principles of the current Data Protection Act 1998 will remain.  Employers will need to deal with data “lawfully, fairly and transparently”; they must not hold excessive data and should only use it for the intended purpose.  They also need to check accuracy and not hold the information for longer than needed.  As has always been the case, information must be kept safe and secure.

So what is actually new?  Well, it’s a case of altered emphasis more than brand new concepts. 

Employers must be ultra clear and specific about the data that they hold, for what purpose it is held and the lawful basis upon which they will deal with the information.  It is no longer sufficient to make generalised, all-inclusive statements about data processing.  And this applies to the obtaining of consent as well; general provisions in employment contracts providing blanket consent for all data processing will not work anymore.

Furthermore, employers will be more accountable under GDPR for their use of personal data; they must have thought through the grounds for lawful processing and have good “data governance” in place.  And they must be able to demonstrate GDPR compliance through full and detailed record keeping.  A significant new provision is that employers must self report breaches and even notify data subjects where there has been a GDPR breach in certain circumstances.

The other major change is around sanctions and this is what has been hitting the headlines.  Under the current regime, the big complaint has been that the ICO has lacked enforcement “teeth”.  Well, under GDPR the fines will be significantly higher; up to 4% of global turnover or £80m, whichever is higher.  Employers who have been blasé about data processing in the past will need to modify their behaviours.

For advice on Employment law issues, please contact Richard Gvero.

Please note the contents of this blog are given for information only and must not be relied upon. Legal advice should always be sought in relation to specific circumstances. 

Look out – it’s party time!
6 Nov 2019 - posted in Blog
Author: Richard Gvero

The festive season is fast approaching and many businesses will be arranging Christmas parties for staff. These events are great for building morale and celebrating...

Read more
Feathering new nests for fledglings
29 Oct 2019 - posted in Blog
Author: Karen Fletcher

One option being looked at by an increasing numbers of parents who can afford it is buying property, either outright by releasing capital, or by...

Read more
Advising Family Businesses
25 Oct 2019 - posted in Blog
Author: Richard Horwood

The role of an advisor to family businesses, in the context of succession planning, has a tendency to be very varied and particularly interesting. ...

Read more