Since all employers hold a variable amount of employees personal information, certain principles need to be followed to make sure that this information is handled and protected properly. In May 25th 2018 all businesses within the EU or ones that have customers based in the EU, need to update their data protection policies and proceedures, to ensure compliance with the updated regulation.
A summary of the GDPR 2018 update, is that the data kept by the employer must be:
- used fairly and lawfully
- used for limited, specifically stated purposes
- used in a way that is adequate, relevant and not excessive
- accurate
- kept for no longer than is absolutely necessary
- handled according to people’s data protection rights
- kept safe and secure
- not transferred outside the European Economic Area without adequate protection.
There is stronger legal protection for more sensitive information, such as:
- ethnic background
- political opinions
- religious beliefs
- health
- sexual health
- criminal records.
