As a matter of law employers must give employees employment contracts which cover the key terms of the employment relationship. As a matter of good practice, and often a resource that can save a dispute from arising or provide the best framework for resolving a dispute, are the non-contractual policies and procedures that can be included in a staff handbook. This can sit alongside contracts of employment to set out how employees are expected to act and how the employer will deal with certain situations.
Data Protection Policy
In 2018, the UK brought into force laws to implement the EU’s General Data Protection Regulation (“GDPR”). GDPR replaced the UK’s existing data protection framework, and it comprehensively regulates the processing of personal data. Even though GDPR originated from the EU, it still applies post-Brexit.
Virtually all businesses collect, process and store personal data about their employees, customers and suppliers, so it’s a good idea for them to have a Data Protection Policy. This will help them comply with the UK data protection laws by setting out the principles and legal conditions that the business must satisfy when obtaining, handling, processing, transporting or storing personal data during its operations and activities. On top of setting out how the business will process data; the policy should also make employees aware of their data protection obligations and explain the rights of individuals whose personal data is processed by the business. Businesses can incorporate this policy into an employee handbook, or they can use it as a stand-alone document. But whatever they do they should ensure that they make their employees aware of its existence and requirements.
We’ve prepared a draft Data Protection Policy to get you started. You can download it by clicking here. This policy deals with how a business should meet its data protection obligations under GDPR. It doesn’t cover detailed data security provisions so you should have a separate Data Security Policy, which covers data security. You’ll also need a Privacy Notice, which you can give to employees to transparently demonstrate how you’re going to use their personal data
This article and the policy are provided for general information purposes only and you should take specialist advice in relation to specific circumstances. Whilst we endeavour to ensure that what we say is correct, no warranty, express or implied, is given as to its accuracy, and Atkins Dellow LLP does not accept any liability for error or omission.