Search

Data protection for employees under UK’s law

Appropriate policy document

The controller has an obligation to have an “appropriate policy document” in place, if the data processing is necessary to perform or exercise the controller’s or data subject’s obligations or rights in connection with employment (Schedule 1(1) DPA). The requirements regarding such an appropriate policy document are described in Schedule 1(38-41) DPA.

Records of processing activities

Controllers are obliged to include further information in their processing records (Schedule 1(41) DPA):

  • details about the processing in the employment context
  • how the processing satisfies the lawfulness of processing (Art. 6 GDPR) and
  • whether the data is retained and erased in accordance with the controller’s policies and, if not, the reasons for not following those policies

Restrictions of data subjects’ rights

Information and access rights do not apply to personal data consisting of training or employment references. (Schedule 2(24) DPA)

activeMind.legal Rechtsanwaltsgesellschaft is a law firm specialising in data protection law. With our partner firms in the UK and Switzerland, we cover all aspects of GDPR compliance and national data protection law in Europe.

Munich

activeMind.legal
Rechtsanwaltsgesellschaft m. b. H
Potsdamer Straße 3
80802 Munich, Germany

+49 (0) 89 / 919 29 49 00

Berlin

activeMind.legal
Rechtsanwaltsgesellschaft m. b. H
Kurfürstendamm 56
10707 Berlin, Germany

+49 (0) 30 / 770 19 10 70

Services

Resources

About

Group

© 2016-2024 activeMind.legal

powered by rethink digital & KLEINWERKSTATT

Contact us!

+49 (0)89 / 91 92 94 – 900

Full details of how we handle your data can be found in our privacy policy.

Secure the knowledge of our experts!

Subscribe to our free newsletter:

By clicking on "Subscribe now" you consent to receive our newsletter. We will only use your data in accordance with our privacy policy.