Call us today on 01487 815 720 or email us on [email protected]

An Employer’s Guide to GDPR Part Three

Employer's Guide to GDPR

An Employer’s Guide to GDPR Part Three

GDPR and the impact of Lawful Processing on HR

Keeping HR Simple have teamed up with Data Protection Specialist Simon Hinks.  Simon works closely with businesses and charities on data protection, compliance and data auditing and helping them to understand their GDPR/DPA gaps.  His hot topics include GDPR compliance and data audits, Communication audits and Customer journey audits.

We asked Simon to talk to us about the big picture of GDPR and what that means from a HR point of view, in particular to focus this time on the impact of Lawful Processing on HR.

Lawful Processing

As a HR team dealing with sensitive data, in the eyes of GDPR you need to specify the legal grounds for processing this data and refer to it as part of the privacy statement in staff contracts.

The ICO states you must have a valid lawful basis in order to process personal data and there are six of these available. No single basis is ’better’ or more important than the others – which is most appropriate to use will depend on your purpose and relationship with the individual. Most of the lawful bases require that processing is ‘necessary’. If you can reasonably achieve the same purpose without the processing, you won’t have a lawful basis.

You must determine your lawful basis before you begin processing, and you should document it. Take care to get it right first time – you should not swap to a different lawful basis at a later date without good reason.

You have a lawful basis for processing if; you have a contract with the individual and you need to process their personal data to comply with your obligations under the contract; you haven’t yet got a contract with the individual, but they have asked you to do something as a first step (eg provide a quote) and you need to process their personal data to do what they ask.

It does not apply if you need to process an individual’s details but the contract is with someone else. It does not apply if you take pre-contractual steps on your own initiative or at the request of a third party.

More information coming soon but in the meantime if you have any questions, don’t hesitate to contact us!

Missed part two?

No comments yet.

Leave a Reply