The way you handle the personal data of your employees is governed by a lot of rules - but it's also one of the most important things to get right when hiring. The objectives and outcomes of the rules are generally logical and not especially difficult to apply.
Here, we explain what you need to know to be legally compliant, and what you need to do to keep your employees' data safe and secure.
First, let's explore what the Data Protection Act means
This legislation covers people such as job candidates and employees. Its purpose is to regulate how their personal information is handled once they share it with potential employers.
It also gives them a legal right to be given access to information that is held about them by employers (or prospective ones) when they request it. They're able to claim compensation if it's found that their data has been compromised (e.g. by not being securely stored or by being exposed to others or used for other purposes, without their consent).
Before you obtain an employee's data, you must provide them with a privacy notice that states how you intend to use their personal information.
What is 'personal data'?
Personal data is essentially any information that relates to an individual. This could be anything from their name, address and date of birth to more sensitive information about their health or details of trade union membership.
There are 8 principles of data protection for 'personal data' (according to the Act):
Personal data shall be:
1. Processed fairly and lawfully (meaning the data should be collected, used, disclosed, kept, or disposed of transparently and consistently for all individuals, and always in line with statute and common law)
2. Obtained only for expressly specified and lawful purposes, and shall not be processed in any manner incompatible with those purposes
3. Adequate, relevant and not excessive in relation to the purposes for which it is processed (i.e. you cannot request any more than what you
4. Accurate and, where necessary, kept up to date
5. Kept for no longer than is necessary for the purposes for which it is processed
6. Processed in accordance with the rights of 'data subjects' - i.e. persons to whom the data relates - under the Act (see further below, but this mainly covers people's rights of access to the data you hold on them)
7. Subject to appropriate technical and organisational measures to protect against unauthorised or unlawful processing and accidental loss, destruction or damage
8. Not transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of
In relation to employment law specifically, data processing should also comply with at least one of these points:
* The worker has given their explicit consent to the data being requested and processed
* The processing is necessary so that you, as an employer, can exercise your legal rights or obligations relating to your employment of the worker
* The processing is necessary as part of legal proceedings or to obtain legal advice
* The processing is necessary as part of court proceedings, for the exercise of functions conferred by statute, or for the exercise of any function of the Crown
* That if the processing relates to sensitive data as to racial or ethnic origin, it is necessary to the monitoring of equal opportunities or the treatment of persons of different racial or ethnic origins; these activities having the aim of enabling equality to be promoted or maintained. It must also be carried out with appropriate safeguards for the rights and freedoms of the persons to whom it is relevant. (These safeguards include keeping records secure, sharing the data on a need-to-know basis, and clearly explaining in writing to the data holder how, why, and for how long the data will be kept)
Records you should keep about people in your business
* Name, address, date of birth, sex, and any known and relevant disability
* Emergency contact details and next of kin
* Education, qualifications, and work experience
* Tax code and National Insurance number
* Current job title, date employment began, and details of promotions
* Terms and conditions relating to agreed working hours, pay, holiday entitlement, and any other benefits
* Details of their employment induction process
* Results of discussions and assessments from the employee's appraisals
* Details of any absences, including lateness, sickness, annual holiday, maternity, paternity, or dependents leave, compassionate leave, and so on
* Work-connected accident records, along with details of first aid given
* Information relating to any training and career-development programmes provided by the business
* A record of any grievances raised by the employee
* Details of disciplinary action
* Details of termination of employment and exit interviews