Changes to Data Protection Laws – an update from Avensure
Data protection will undergo extensive changes next year which will affect every employer in the country.
The European General Data Protection Regulation will be introduced in May 2018 but employers are being urged to begin to take practical steps now to ensure they are not caught unawares next year.
What Is Data Protection?
The Data Protection Act 1998 provides a structure to ensure that data processors process the data of their subjects in a lawful way. Employers are, for these purposes, data processors and the data subjects are their employees.
‘Data’ is information that is processed by means of computer or recorded in a relevant filing system. It is further classified as ‘personal data’ which is information from which the identity of the individual to whom it relates can be identified, and ‘sensitive personal data’ which is data relating to, amongst other things, a person’s race, any disability, sexual orientation, health condition etc.
The Act creates 8 data protection principles which employers must stick to when processing data. Employers must, for example, ensure data is kept accurate and up to date, be processed fairly and not kept for any longer than necessary.
What is Changing?
Some of the main changes affecting employers from May 2018 will be:
What Should Employers Do Now?
The Information Commissioner – the body which presides over data protection in Great Britain – has issued guidance for employers on how to prepare for the changes. Amongst other things, it suggests employers:
Now we are a little more knowledgeable of the Brexit timeline, it is appropriate to consider its impact on this new legislation. For as long as the UK remains in the EU, it must comply with EU legislation. However, it is plausible that the UK Government will make changes to this law once it has left.