Your employer will necessarily hold personal data about you, but they must comply with the GDPR (General Data Protection Regulation) which has regard for individual rights and sets out what is considered to be personal data and your employer’s obligations on collating and processing that data.
GDPR principles
The GPDR sets out seven key principles.
• Personal data should be processed fairly, lawfully and in a transparent manner;
• Data should be acquired for specified, lawful purposes;
• Data should be adequate, relevant and not excessive;
• Data should be accurate and kept up to date;
• Data should be retained only for as long as necessary;
• Data should be kept secure
• Your employer is accountable for what it does with your personal data and how it complies with the other principles.
What is personal data?
Personal data is data that relates to an identified or identifiable person and includes data that, although may not name you, may be used to identify you such as a payroll number. It includes data that is held electronically or stored in a filing system.
Privacy notice
Your employer is obliged to provide you with a privacy notice which outlines the legal basis and justification for collecting and processing your data. The notice must include certain information including your right to request access to your personal data and your right to withdraw your consent at any time.
Subject access request
You have the right to request the data that your employer holds about you. Your employer must respond to your request within one month, although they may extend this deadline by up to a further two months if your request is particularly numerous or complex. Information is usually provided for free, but your employer is entitled to charge a ‘reasonable’ fee if your request is excessive or repetitive.
Former employees
Even after you have left an employer, the employer can still retain personal data about you if one of the legal bases for processing still applies (e.g. tax reasons). You can request that your former employer delete personal data they hold about you and your former employer must comply with your request if the data is no longer necessary for the purposes for which it was collected and processed.
Can we help you?
If you need advice about your individual situation, please contact us. Call on 01522 440512 or visit our website www.lincslaw.co.uk for more information.
Kathryn Bolton
Associate, Specialist Employment Law Solicitor
Lincs Law Solicitors, Lincoln