DP and HR – Getting data protection right for employees

“Staff are our greatest asset”

“We couldn’t do it without our volunteers”

One way of demonstrating the value that you place on your workforce – volunteers as well as staff – is by keeping the personal information that they share with you safe, secure and confidential.  

If you’re not fully convinced by that argument, this is a friendly reminder that the obligations and rights set out in the GDPR and the DPA 2018 apply to staff personal data as much as to your customers, supporters and other stakeholders.   The risks of getting it wrong can be costly. 

Regardless of whether you have a workforce of 5 or 5,000 we suggest you can keep on the right side of the law, respect the data privacy of your biggest asset whilst still delivering the HR functions that are critical to your organisation.

Our webinar covers the top 5 question that we get asked about data protection and HR.  The main concerns are around recruitment, staff access to their personal data, and how long to keep things for.    

These are the top 5 questions – and our very headline answers; please join the webinar for more detail on what the issues are and what you need to consider putting in place.

  1. What should we do with CVs, interview notes and other stuff gathered during recruitment?

Use the successful applicant’s information to start their personnel file,  and delete the other applicant data after 6/12 months.

  • Do we need to get consent from staff to keep their personal data?

For most uses of personal data, you won’t need to get consent from staff or volunteers.

  • Can staff really ask to see what’s in their personnel file?

Yes!  And you should work on the basis that they may be able to see all of their personal data – though you may be able to withhold some data by exception.

  • Can we monitor staff emails?

Yes.…. but monitoring has to be proportionate and transparent.

  • How long do we need to keep personnel records for once someone has left the organisation?

There are minimum periods for some types of information, and organisations also need to make decisions based on business need.

We’ve also got suggestions for immediate actions you can take and resources you can use to help you to embed data protection across the whole employment lifecycle.

Sign up to the webinar here.

If you have feedback for us about this privacy notice, please let us know using the Contact Form