Data Protection in the Workplace

We help employers understand their data protection obligations.

As an employer, fulfilling data protection rules and regulations in accordance with the Data Protection Act 2018 and UK GDPR is essential. Understanding these liabilities will help ensure that you remain legally compliant, whilst also staying on top of how you handle recruitment, record keeping and various other HR activities.

That said, data protection can be an especially complex matter, particularly as legislation has changed since the UK left the European Union following Brexit.

Whether you need comprehensive support with data protection in the workplace, a professional review of your existing policies and procedures, or assistance with an individual matter, our employment law solicitors are available to provide comprehensive guidance.

How we can assist with data protection for your business

Our employment law solicitors can provide various services in relation to data protection, including:

Have a question? Please read our data protection FAQs or get in touch.

Reasons to choose Longmores for help with data protection

The employment law team handling your data protection matter appear in the directories of leading practitioners and are ranked by the leading client guide, The Legal 500. This offers the assurance that we offer the highest standard of service.

The team is led by Joint Senior Partner Richard Gvero, who is also closely supported by Senior Solicitor Miranda Mulligan. Richard and Miranda have been individually recommended by the Legal 500.

In addition to this, Richard and Miranda are both members of the Employers Lawyers Association (ELA). This further highlights the knowledge and expertise they possess.

Richard and Miranda are also accredited mediators.

Speak to our data protection solicitors

To discuss your requirements with our data protection experts, please get in touch.

01992 300333                     Ask a question

Our data protection expertise

Compliance with the UK GDPR and the Data Protection Act 2018

Remaining compliant with both the Data Protection Act 2018 and UK GDPR is extremely important for your business. The laws your business will need to follow are technically complex and the potential consequences for failing to uphold your obligations can be extremely serious, highlighting the need for specialist legal advice.

Our employment law team advise employers with regards to compliance with UK GDPR and Data Protection Act 2018, including matters such as responding to subject access requests and addressing data thefts/ breaches by employees.

Preparation of data privacy notices for employees, candidates and data protection policies

We can assist with the preparation of data privacy notices for employees and workers . Privacy notices are comprehensive documents that detail the personal data collected by an employer in relation to its employees, the purposes for which such data is collected and used, how the data is collected and used, how long the data will be stored and whether it will be shared. These privacy notices are essential for remaining compliant.

We can also assist with the preparation of internal data protection policies in accordance with UK GDPR and Data Protection Act 2018.

HR data protection audits

You may already have a privacy notice or data protection policy in place. However, if this policy has not been reviewed on a regular basis, or there have been changes to legislation since it was originally created (for example, the introduction of UK GDPR), it is important that it is assessed in detail.

In addition to our other services, our employment team can also conduct a thorough HR data protection audit to review your current documentation and advise on any amendments or changes are needed to bring it up to date. At this stage, we will also be able to identify whether there are any gaps in the existing policies which need to be addressed in order to achieve full compliance.

Based on the results of the audit, we can then provide a bespoke quote for any changes or updates that are required for your documentation.

Data protection FAQs

What is the Data Protection Act and UK GDPR?

The Data Protection Act 2018 and UK GDPR regulate how personal data is collected, stored and processed.

What happens if you do not comply with your obligations?

If your data protection policies are not sufficient, and an employee is able to demonstrate that a breach has occurred, you could be susceptible to various penalties.

In addition to experiencing significant reputational damage, you could also face a complaint brought to the Information Commissioner’s Office or potentially a claim for compensation, either to account for any financial losses they may have or experienced, or general distress.

What information do you need in a privacy notice?

The exact information you will need to include in a privacy notice will vary, depending on the personal information you handle.

Typical points to feature in a privacy notice will include:

  • The types of personal data collected
  • The lawful basis for processing the data
  • The purposes of processing the data
  • Who the data is being shared with
  • How long the data will be stored for
  • What rights employees have in relation to the use of personal data

How long can you store employee personal data?

The legislation does not dictate exactly how long you should store the personal data of employees, but it should only be as long as necessary. It is therefore up to you to justify the retention periods in place, based on your purposes for processing the data and how long it will be needed for.

Speak to our data protection solicitors

To discuss your requirements with our data protection experts, please get in touch.

01992 300333                     Ask a question


    Make an enquiry

    Please fill in the form and a member of the team will contact you directly

    You acknowledge that by submitting your details via this page, you consent to us processing your personal data in accordance with our privacy policy.