Data Privacy Day is an international event that occurs every year on 28th January. The purpose of this day is to raise awareness and promote data privacy and data protection best practices and of course we all want to make sure that our personal information is looked after so it is important to understand the significance of having the correct policies and documents in place for Data Protection.
Data Protection Acts
The Data Protection Act 1998 was designed to protect personal data using 8 core principles;
- Fair and Lawful
- Purposes
- Adequacy
- Accuracy
- Retention
- Rights
- Security
- International transfers
The act was replaced in 2018 by the Data Protection Act 2018 which encompasses the General Data Protection Regulation (GDPR). These rules were designed to give you more control over your personal information and data, to find out what data organisations hold about you and why, including the right to:
- be informed about how your data is being used
- access personal data
- have incorrect data updated
- have data erased
- stop or restrict the processing of your data
- data portability (allowing you to get and reuse your data for different services)
- object to how your data is processed in certain circumstances
As an employer you are an organisation that holds personal data about your employees so you must ensure you are compliant with the regulations.
As an employer, you should have a Privacy notice for Applicants/Employees/Workers & Contractors. This is a legal document that you are required issue at the first point with a potential employee. e.g. when a candidate applies for a role within your company. We advise that you issue the privacy notice with your job adverts to avoid any protentional compliance issues with GDPR.
You should also consider a data protection/data privacy policy. It isn’t a legal requirement but it is an extensive detailed version of the privacy notice. Although it is not a contractual document your applicants, employees., workers and contractors should be aware of their own obligations under the DPA and GDPR. A policy will also reinforce your commitment to data privacy as well as providing guidance on what should be done in the unfortunate event a data breach takes place.
Here at vivoHR we can help provide you with these documents if you don’t have them in place for your business, please get in contact.
#dataprivacyday