Ensure employment policies and procedures relating to data protection issues are fit for purpose: It is essential that your policies and procedures are reviewed and updated on a regular basis to reflect changes in both legislation and practice. Policies within staff handbooks covering data protection and the use of social media, IT systems and devices (such as mobile phones and laptops) should be non-contractual to allow you to make changes without consulting with your entire workforce. Your policies should set out the standards employees must meet when processing personal data as part of their job role and the implications if these standards are not met.
Provide regular and tailored training: Comprehensive training on data-related issues, including refresher sessions, should be provided at regular intervals and records maintained to evidence this. Whilst the frequency will depend upon the employee’s role, it is crucial that training is updated and refreshed, particularly if a breach may result in disciplinary action being taken, as an employee may allege that they have not received adequate training.
Check that employees know how and when to report any suspected data breaches: All employees should understand to whom a breach should be disclosed within your organisation and the consequences of non-compliance with your procedure. Creating a ‘no blame’ culture that recognises that breaches happen in all organisations will encourage employees to speak to you promptly. This will, in turn, allow you to comply with the requirement to inform the Information Commissioner’s Office within 72 hours of a data breach. If your employees feel supported, the level of non-compliance and potential liability for your organisation will be reduced.
Have a ‘clear desk’ policy: Desks should be kept free of papers and employees asked to lock their screens when away from their desks. Personnel files should be securely locked away and access limited to members of your HR team. Against the backdrop of the Covid-19 pandemic and wide-scale adoption of home working, these practices should be extended; documents should be stored appropriately at home and confidential calls taken in private to prevent potential personal data breaches.
Keep employee personal data protected before – and after – employment: Data protection issues arise throughout the life cycle of an employment relationship and beyond. You should be equally mindful of issues regarding the use of data whether dealing with candidates or leavers. Ensure you have appropriate privacy notices in place to let current, former and potential employees know how and why their personal data is used. Limit access to employee data to members of your HR team. Ensure you have identified an appropriate lawful basis for processing employee data, particularly sensitive data such as health data. Have a clear employee data retention policy and ensure you adhere to it to prevent information from being kept for longer than is necessary.
If you have any queries regarding our top tips for Employment or need help in implementing them, do get in touch.
Please feel free to like and share our top tips and check back again tomorrow for our next set of top tips.
Happy Data Privacy Day from the Birketts Data Protection Team.
The content of this article is for general information only. It is not, and should not be taken as, legal advice. If you require any further information in relation to this article please contact the author in the first instance. Law covered as at January 2021.