General Data Protection Regulation

The General Data Protection Regulation (2016/679 EU) (GDPR) replaces the Data Protection Directive (95/46/EC).

In January 2012, the European Commission announced its intention to reform the data protection rules on the basis that reform is necessary to strengthen online data protection rights and boost Europe’s digital economy by harmonising data protection rules across the European Union (EU). The Commission proposed that the existing Directive would be replaced by a Regulation, which means that it would be binding on every member state and would not need to be transposed into national law.

The Regulation harmonises data protection law across the EU and extends it to include all foreign companies processing the data of EU residents. The Regulation:

  • provides for the creation of a single data protection authority instead of the supervisory authority of each member state, and the creation of data protection officers for all public authorities and companies processing high volumes of data;
  • provides for the imposition of a fine of €20 million or 4% of global turnover, whichever is greater;
  • requires the positive consent of individuals to have their data processed;
  • provides for the notification of breaches to the data protection authority; and
  • extends the special categories of information, such as trade union membership and religious belief or political opinion, to include information relating to health.

On 7 August 2017, the Government published a Statement of intent: A new Data Protection Bill – our planned reforms. It confirms that the Data Protection Bill will repeal the Data Protection Act 1998. The Bill will introduce a new data protection regime, including by making changes to the definition of “personal data” and the rules on consent, and bring data protection rules in the UK into line with the requirements of the GDPR. The Bill will utilise the derogations contained within the GDPR, including the derogations that permit the Government to legislate on the processing of criminal conviction and offence data and in the area of automated individual decision-making.

GDPR Compliance Package for Employers and HR Professionals
My Business Owners Briefing focuses on the legal grounds for processing employee data and job applicant data and covers:

  • GDPR at a glance
  • What are the key changes to make in practice?
  • How to determine the legal grounds for processing employee data
  • 5 FAQs on retaining HR records
  • In Brief: Employee Privacy
  • In Brief: Job Applicant Privacy

To support the briefing, the following documents are enclosed to help you implement the advice and ensure compliance:

  • Data Protection Policy
  • Letter to Employee Enclosing Privacy Notice
  • Employee Privacy Notice
  • Employee Consent Form
  • Consent Checklist

The package is provided as a Microsoft Word file so you can edit the content to fit your company style and, where appropriate, copy and paste content onto your letterhead and implement it immediately.
