Data protection in the workplace: what do employees need to know?
It is important for employers to provide GDPR training so that employees are aware of their rights and obligations in the workplace. GDPR stands for The General Data Protection Regulation.
“Data” relates to any information which can directly or indirectly identify an individual. This can include information that relates to factors such as: physical, mental, economic, cultural, social, genetic data which directly or indirectly links to an individual.
“Personal data” is data that relates to or can identify a living person, either by itself or together with other available information. Examples include a person’s name, phone number, bank details and medical history.
What you should know about data breaches
A personal data breach refers to a breach of security where there is any unauthorised disclosure, access to, alteration, loss or destruction of a person’s data.
A breach will need to be reported to the organisation’s supervisory authority if it is likely to damage the individual in terms of loss of reputation, financial loss, discrimination or loss of confidentiality. A notifiable breach should be reported within 72 hours of the company being aware of it.
As an employee you should be aware of your company policies and procedures and follow these where you can.You should report any issues,concerns, breaches to your line manager or data representative. If the concerns about a potential data breach are unresolved or ongoing, raise them directly with the data officer within your organisation.
Serious infringements can mean that an organisation could be fined up to 20million for breaching GDPR.
What are your rights as an employee?
Employees have a number of rights under GDPR and an employer should be transparent about how they will use your data.
- Information about the collection and processing of their personal data
- Access the personal data and supplementary information held about them by the data controller
- Have their personal data rectified by the data controller if the personal data they have is inaccurate or incomplete
- Have their personal data erased by the data controller
- Restrict a data controller from processing their data if they consider it is unlawful or the data is inaccurate
- Object to their personal data being processed for direct marketing, scientific or historical research
- Data portability – this allows them to get data from their employer and reuse it.
Should you have any queries regarding the above information or if you require assistance with your corporate, employment or immigration matter, please get in touch with a legal professional at Hudson McKenzie via email at firstname.lastname@example.org or by telephone +44(0) 20 3318 5794.
The information provided does not amount to legal advice.