Few employers will have failed to notice that the General Data Protection Regulation (GDPR), comes into effect on 25 May 2018.

All employers should be well on the way to finalising their preparations for this, including: making a record of the personal data they hold, and why; identifying why they have personal data and how it is used; checking their security arrangements in relation to personal data; developing processes for dealing with data breaches; and preparing privacy notices for employees and job applicants.

Employers should also ensure that they are aware of the changes to the law on subject access requests and other data subject rights. Given the publicity that the GDPR and the ongoing saga of Facebook and Cambridge Analytica has attracted, individuals are now far more likely to request access to their data and to ask for their data to be corrected or erased.

Capital Law offers in-house training on these and other GDPR related issues. Get in touch for more information.