CALL 0800 437 0322 9am to 6pm – Mon to Fri
Submit enquiry

5 Things people Need To Know About the New General Data Protection Regulation (GDPR) and your work

Posted on 25th June 2018

Companies hold extensive data not only on employees but also job applicants and ex- employees. This often includes sensitive information, such as bank details, religious affiliation, racial background as well as sexual preferences.

The GDPR replaces the Data Protection Act 1998 (DPA). One of the key principles underpinning the new regulation is to give individuals control over their data.

Here are the five main changes to note.

1. Making a Subject Access Request (SAR)

Employees have a right to make a subject access request in relation to their personal data. Employees frequently make SAR’S when a dispute arises and are especially common when an employee is contemplating legal proceedings against an employer.

Under the DPA, employers were required to comply with a SAR within 40 days and entitled to charge a fee of £10. There is no fee payable under the GDPR (unless the request is unreasonable or excessive). Also, employers must comply with the request ‘without undue delay’ and within 1 month.

2. Organisations will need to provide more information 

At the time of obtaining your data, the organisation must give you a significate amount of information, including: how long it intends to keep the data, if it intends to transfer it to another country, inform you of your right to make a subject access request and that you have a right to have personal data deleted or rectified. This information must be set out in plain language.

3. The right to have data corrected or deleted

Employees will have increased rights to object to certain processing, to have data corrected, limit how their data is used, and the right to be forgotten (have data deleted). Employees may find this useful in the context of disciplinary proceedings.

If you exercise your right to be forgotten, your employer must inform any third party (it has passed the data to) of your request.

4. Consent can be withdrawn

The employer needs to have a lawful basis to process your data. Employers have frequently relied on blanket consent obtained in the employment contract.

The GDPR sets out more rigorous conditions for the use of consent: it must be freely given, specific, informed and unambiguous. It is now easy for employees to withdraw consent and prevent the employer processing data.

5. The right not to be subjected to automated decision making

Employees have the right not to be subjected to decisions made solely by automated means (without human involvement) – this means employers are no longer able to rely on this method to determine shortlisting, performance management thresholds, triggers for sickness absence etc.

Our Employment Law Solicitors are backed by four decades of experience. Our legal practice and team of London Solicitors have a strong track record of achieving favourable client outcomes. For expert legal advice use our contact form or call us on 0800 437 0322 today.

Request a FREE consultation

Fill out this form and one of the team will get back to you:


By ticking the following box I am giving Hodge Jones and Allen consent to process my personal data for the purpose of this enquiry.

Full details of our privacy policy is available here

Call us on:

Our offices are open from Monday to Friday from 9 am to 6 pm.

Phone:0800 437 0322
Fax:020 7388 2106
Address:Hodge Jones & Allen LLP
180 North Gower Street
London
NW1 2NB