GDPR: A Headache for Employers?

GDPR: A Headache for Employers?

Mohamed Bangura

Head of Employment and Litigation

The new EU General Data Protection Regulation (GDPR) will come in to force in the UK on 25th May 2018. The Regulation is the most comprehensive and extensive update to Data Protection law in the United Kingdom since the Data Protection Act 1998.

The aim of the Regulation is to uniformly protect all EU residents’ and employees’ privacy from data breaches in our notoriously data-led world.

Although this is a piece of European legislation, it will be imposed by the Government domestically despite Brexit and its extent and consequences for failing to comply will be just as strict.

For the most serious breaches, businesses could be looking at fines of up to 4 per cent of global turnover or €20 million, whichever is the higher.


The GDPR also has significance for employers, how they hold data about their employees and how that data is used, shared and stored.


All employers process ‘personal data’ about their employees from time to time. This makes you a holder of protected data and imposes obligations on you to protect that data.

You will need to be considering:

  • The kind of data you hold, where it comes from and who it is shared with. Are you holding sensitive personal data about your employees which may be subject to tougher rules?
  • Whether you need to consider appointing a Data Protection Officer;
  • Whether you will need to maintain a record of any activity which counts as processing of employee data;
  • Your degree of accountability for breaches of data protection, policies to prevent breaches and records of data retention;
  • Whether and how you have obtained the informed consent of your employees to process their data for the purpose you are doing so;
  • The change in the regulations from old data protection law about the amount of information you must share with employees about who has access to their data and how it is used.
  • The impact of the GDPR on Data Subject Access Requests and how you will comply with Subject Access Requests while still protecting employee data

The Employment Team at Neale Turk Rochfort are more than happy to speak to employers who are concerned about the introduction of the GDPR and assist with its implementation.