

Data Protection (GDPR)

The General Data Protection Regulation (GDPR) was approved by the EU Parliament on 14 April 2016, with an enforcement date of 25 May 2018.

The GDPR reinforces EU data protection law, which was originally introduced with the Data Protection Directive in 1995; that Directive resulted in the Data Protection Act 1998 in the UK.

Under the GDPR, organizations in breach can be fined up to 4 per cent of their annual global turnover or 20 million euros (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements.

For employers, the GDPR builds on the established data protection principles and introduces some important changes in the way they should communicate data protection information to their staff. Significantly, employers will no longer be able to rely on consent as a lawful reason for processing personal data; instead, they will be able to rely on one of the other lawful reasons for data processing under the GDPR.

Employers should have a clear privacy notice that tells employees and job applicants what personal data they collect and process and why, and how it is kept, and that sets out the individual’s rights and obligations under the GDPR.