GDPR: Saying “I do”, and meaning it.
19 January 2018
We are looming ever closer to the introduction of GDPR which will replace the Data Protection Act 1998 and create a blanket piece of legislation for data protection across the EU. From an employment perspective, employers and HR professionals should take particular interest in some of the changes that GDPR will impose, namely, consent.
Conditions for Consent
One of the changes being introduced by the GDPR is the increased protection offered to individuals regarding consent, which should be “freely given” by the employee and can be withdrawn at any time without justification, and without any detriment to the employee. Some of the conditions for consent are outlined below.
- Consent may cover different operations, however, these operations must serve the same purpose. To the extent data processing has multiple purposes, a consent to those processing activities should cover all those purposes.
- An employer should clearly separate the request for consent to data processing activities from information about other matters.
- The purpose for which that data is being processed should be clearly made out and should be in an intelligible and easily accessible form and employers ought to inform employees of the identity of the data controller.
- If an employer wishes to use personal data for new or different purposes than originally outlined, it must obtain new consent, or identify another legal basis for processing the data.
- Consent should be by an affirmative act, such as a “tick box”, in writing or given verbally. Silence, pre-ticked boxes or inactivity are insufficient to demonstrate consent.
- Employers should ensure their terms and conditions are very clear and not overly ‘legalistic’. Using language that would confuse an employee will invalidate consent.
We would recommend that all businesses consider the changes that GDPR will make and the impact this will have on your organisation. Ensuring your organisation is aware of and is compliant with the conditions above will ensure good practice in the workplace and help prevent any unwanted penalties for non-compliance.
If you have any further questions regarding GDPR from an employment perspective or your organisation needs assistance with drafting GDPR compliant documents, please contact a member of the Employment Team.