Dear Subscriber
You may have seen in the press recently that the unions are concerned that there may be a watering down and/or delay in the implementation of the long awaited Employment Rights Bill, with the departure of Angela Rayner. We will have to wait and see for now, therefore that is not the focus of this month’s update.
I can’t believe it has been seven years since the dreaded GDPR came into force. At that time we put together a system and range of documents to help our clients comply with the requirements with respect to the HR data they hold. This month we review the requirements of GDPR and suggest some simple steps you may wish to take to ensure ongoing compliance. |
| Please contact me if you would like to find out a bit more about any of the subjects raised in this update or if you need any help or advice.
Please forward this email to any of your contacts who might find it of benefit. |
|
|
Regards
Peter Etherington
Tel: 01664 668164
www.etherington.co.uk
|
 |
|
|
| GDPR Seven Years On |
| Are you keeping compliant? |
| Our approach to GDPR with respect to HR data was, as ever, to try to keep it as simple as possible and to cause our clients as little difficulty as possible to comply. To that end we helped them set up a register of HR data (an Excel spreadsheet) to show what they keep (process), why they keep it, and to set out the legal basis for them to do so. This was the platform from which we then drafted their privacy notices for staff and recruitment candidates and the data protection policy in their staff handbook. We believe that by maintaining the register and reviewing these documents as necessary, our clients will be able to demonstrate that they have taken reasonable steps to comply with GDPR if they were ever to come under scrutiny.
If you use a similar approach, we recommend that you review your register on an annual basis. If you have not done so for a while and if you have lost track of it to some extent, or if you have not put in place any GDPR measures, etc, please feel free to contact us so that we can assist you with the process. |
|
|
| Data Subject Access Requests |
| Importance of Compliance |
| We have seen data subject access requests used in a tactical way by disgruntled employees and their representatives. It can be very onerous to comply with such requests, as you may have to search emails, WhatsApp messages. Teams chats, etc of a large number of staff members in order to comply.
For the employee it can be a good way of getting hold of evidence which may be quite damning, or at least can portray the employer in a poor light. So it is good practice to be circumspect in emails and messages when referring to a problematic employee. Phone calls and face to face meetings can be better as they are not recorded (but any notes taken may be disclosable).
If you receive a data subject access request you normally have one month to comply with it. This can be extended by a further two months if the request is complex. Depending on the nature of the request and the context (e.g. if it is connection with a tribunal claim), it may be advisable to take legal advice regarding how much information you have to supply. We are not data protection specialists but we can direct you to other sources of support if necessary.
You may also wish to refer to the Information Commissioner’s Office guidance. |
|
|
| National Minimum and Living Wage |
The current National Living Wage and National Minimum Wage rates are:
- £12.21 per hour for workers aged 21 and over
- £10.00 per hour for workers aged 18 to 20
- £7.55 per hour for workers aged 16 and 17; and for apprentices under 19 and those over 19 in their first year*
*N.B. Apprentices over 19 and who have completed at least one year are entitled to the appropriate rate for their age. |
|
|
|
|
|
