As you will be aware by now, the GDPR comes into force in the UK on 25th May 2018. If you aren’t already making preparations to ensure that you are compliant with the GDPR, you need to start doing so as soon as possible.
You should begin by carrying out an audit of all the personal data that you hold on your employees. This will allow you to identify the types of data that you hold and the categories that the data falls into. You will then be able to identify the purpose for which you hold and use this data. You must be able to demonstrate that there is a lawful justification for you retaining this personal data under the GDPR.
We can assist you with reviewing the results of your data audit or providing guidance on how to conduct the audit.
Having completed your data audit, to comply with the GDPR requirements you will then need to consider updating your template employment contracts for new employees; updating data protection policies and other policies in your handbook where relevant for example disciplinary policies; and updating or drafting privacy policies. We are able to assist with drafting and updating these documents for you.