GDPR and employment law

Understanding the General Data Protection Regulation (GDPR) in the context of employment law and your employees is complicated, as there are elements of personal data you require about a person to be able to employ them.

GDPR impacts every part of a business, including HR and employment data. The GDPR tightens and extends the rules governing the processing of personal data by organisations, but processing still means doing anything with it and personal data still means any information about an identifiable living individual; it could be just an email address. We explain here the main changes that GDPR introduced, the implications for employment law and the processes when it comes to your employees.

What is GDPR?

GDPR came into effect across all the EU and EFTA member states on 25th May 2018, replacing the Data Protection Act 1998 in the UK (DPA), the Federal Data Protection Act in Germany (BDSG) and similar data privacy laws in all those states.  

It makes substantial changes to data protection rules in the UK and is enforced by local data protection agencies and courts, providing for fines for defaulters of up to 4% of global turnover or, if higher, EUR 20m. 

Do I need to make changes to contracts of employment or my staff handbook in light of GDPR?

Consent under the GDPR is a lot more difficult to obtain and can be withdrawn at any time which, from an employment perspective, is not an attractive prospect. Therefore, as an employer, you should steer away from obtaining employee consent and instead rely on legitimate interests in order to hold personal data about employees. With this in mind, you may need to amend their contracts of employment accordingly.

Staff handbooks will also need to be updated to include a Data Protection Policy which complies with the GDPR and reflects the principles contained within it.

Once these changes are made, you should send employees a notice confirming certain details, including how the data will be processed and what it will be used for.  Your employees are not required to sign such a document; you are only required to have sent this.

What other steps do I need to take to be GDPR compliant?

GDPR applies to all aspects of a business and not just to the employment of staff. 

You therefore need to make sure you take steps throughout your organisation to comply with GDPR.

To find out more about the impact the GDPR will have on your employment contracts, staff handbooks and the wider business, you can contact the Employment team on 023 8071 7717 or email
