If an organisation has employees or self-employed contractors or others who provide work and support, it is important to ensure that the correct privacy notices are in place before processing the employee’s personal data.
For the organisation to go about its day to day  business it is essential to take personal data from an employee and then use that data either internally or pass it to other external organisations.

The Privacy Policy Trap

Organisations often rely on their external Privacy Policy to fulfil the requirements of notifying their employees about the use of their personal data. The type of data taken about an employee and how that data is used can be very different from the personal data taken on customers, patients or other individuals. If an employee is not properly advised about the use of their data this could result in an organisation being in breach of GDPR and risking a claim for compensation by the   employee, and a fine by the ICO.

What Steps to Take

An organisation should carefully consider its external facing Privacy Policy and then review what data it takes on employees and how it uses that data. The organisation will nearly always find that the use of data on an employee differs from what  is set out in the external privacy policy.

The Solution

To be fully protected an organisation should also have an internal Privacy Notice directed at employees, and self-employed contractors. This document enables an organisation to use the employee’s personal data in a manner necessary to operate the business including passing the data to outside bodies such as HMRC, out-sourced HR companies and payroll

The Privacy Notice

There is a large amount of mandatory information which should be written in a Privacy Notice including:

  • What data the organisation takes
  • Why they need it
  • What they do with this data
  • Who they pass the data to
  • How the data is kept secure
  • The rights of the individual

It is important that the employee is provided with a copy of the Privacy Notice at the start of their employment.

How can Affinity Resolutions Help?

We understand the needs of an organisation to use an outside business. With our unique legal, practical and marketing approach we will ensure that we create for you a bespoke agreement which both meets the GDPR and allows you to carry on your business as you wish

For more information or see our contact information