Employers need to ensure their employment contracts are compliant with the UK’s data protection rules.
We turned to Farillio’s legal expert partners, Pam Sidhu and Helen Smart, at The Wilkes Partnership, to get some much-needed guidance and clarity around what we should all be doing with our employment contracts – both the ones we already have, and any that we might be about to create.
This is what Pam and Helen shared with us.
Employment contracts finalised BEFORE 25th May 2018
For employment contracts finalised before 25th May 2018, it's likely that you'll need to take action. There are two options, and it’s best to consider them with a lawyer, since you may need to think carefully and strategically about any changes that you may need to make.
1. To vary those existing employment contracts to either:
a) include a new/revised clause relating to personal data processing rights for the employer; or
b) to remove the existing consent clause altogether (and then follow the approach outlined at option (b) below).
In either event, this variation process will be time-consuming and potentially more costly than option (b) below.
Existing contracts need careful checking to determine precisely what the existing clauses cover and to make sure that any other relevant contractual provisions are not mistakenly removed as part of the variation process.
Relevant consent clauses may appear in more than one section, so you may need to check the whole contract (for instance, there may be clauses throughout the contract relating to matters like consent to obtaining medical records and consent to email monitoring).
Once you know what needs to be varied, as the employer, you’ll need to ensure you have the contractual right to make the changes yourself (without getting express consent from the employee), or you’ll need to be clear that the contract in question obliges you to get that express consent before you can make any changes.
Different employment contracts will be drafted differently. Some (many in fact) may contain what’s called a variation clause; and, depending on the wording of that clause, it may mean that you will have to get the express consent of the employee before you are lawfully permitted to make the change.
2. Not to change/vary the contract terms
Alternatively, you could choose not to change or vary the terms of the employment contract.
Instead, you could choose to circulate a simple but clear statement to employees (not in the form of any contractual notice) informing them that:
a) you’re no longer relying on consent as a lawful basis for the processing of personal data belonging to them, as your employees (and so you are no longer relying on any consent clause in their employment contracts with you); and
b) instead, employees should refer:
i) to your business’ privacy notice for employees which sets out information describing the lawful basis on which the business will be processing their personal data, and
ii) (ii) to your internal data protection policy – and any other relevant policies (like IT policies).
You could do this as part of an update/training of employees in relation to GDPR.
The risk with option 2 is that you could potentially be seen to be misleading employees by not removing something from the contract which is now no longer compliant with the law. However, the clear statement advised above should assist in minimising this risk.
In addition, if you choose option 2:
a) you’ll need to make clear that your business’ privacy notice and internal data protection policy now clearly and correctly include matters relating to data protection and the handling of personal data in compliance with the GDPR’s requirements, and
b) you’ll need to ensure that in taking this approach, you’re not inadvertently disabling any elements of the original contractual wording that might cover wider matters than simply employee consent to personal data processing (e.g. employee commitment to compliance with their employer’s data protection policy), and which you might want to remain in place.
So, in either case, while it’s good to know where you stand and what your options may be – and many of us might well want to pursue option (b) for ease and cost-effectiveness! – it is definitely worth getting a quick view on the actual contracts that you already have in place. Then you’ll know for certain which option makes sense for your business and how to go about actioning it.
Employment contracts created AFTER 25 May
With employment contracts created after 25 May (or any contracts created using Farillio’s current up-to-date templates), you also have 2 options:
1. Include a GDPR-compliant clause, which does not rely on employee consent, in your contract.
This clause may simply refer to your business’ employee privacy notice. And it may also include additional obligations on the employee to comply with the your business' data protection policy and any other related policies (such as IT policies); or
2. Not include any clause relating to the use of the employees' data…
…and rely on this to be covered in your business' privacy notice and any other related policies and/or staff handbook to which the contract broadly refers and requires compliance with.
And as for the million-dollar question, which of these two options would our legal experts recommend?
Helen and Pam told us that they’d probably advise taking the first option, since it contains a transparent statement by an employer about how it is handling data protection-related matters and, if well drafted, should still provide reasonable flexibility if the business needs to update its privacy notice or other policy documents from time to time (without the need to get employee consent to do so).
If you’re concerned about your employment contracts or want a speedy view about how the new legislation may affect your employment – or your trading terms and contracts, for example, Farillio has a lot of practical guidance, like Pam and Helen’s advice above, on exactly these topics – as well as handy checklists and ‘how-to’ videos designed to help you work through what you should be doing now.
And our pay-as-you-go Speak To An adviser service is designed to help with exactly these kinds of rapid-fire queries. Let us know if we can help to connect you with experts like Pam and Helen.
Want to access this guide?
Already have a Farillio account? SIGN IN
Get unlimited access to 100s of legal resources by signing up to Farillio today.
- Manage your legal documents online
- Well written legal templates by our partners
- Guides to help you understand law
- Legal help available every step of the way