We support clients to get the basics in place, whilst advising on a wide range of employment matters.  Our clients range from the very small with just two or three employees, right the way up to bigger organisations with 50+ employees.

Here are our most frequently asked questions about “data protection and GDPR”.

Does the General Data Protection Regulation (GDPR) apply to small employers?

The General Data Protection Regulation (GDPR) applies to organisations of all sizes. Even where an organisation employs only a few people, it could still be processing a large amount of data and subject to the consequences of not following GDPR.

Do job applicants have the right to see their interview notes?

Job applicants, along with other “data subjects” have the right to request copies of personal data that an employer holds about them, including interview notes.

Employers should decide, in line with GDPR, how they will store interview notes so they are accessible, whilst being mindful that they should be destroyed when they are no longer needed.

Can an employer keep a candidate’s CV “on file” for future opportunities?

In order to do this, within the candidate privacy notice that an employer must provide under GDPR, it should be made clear that they intend to hold CVs on file, the basis for holding such information, and how long it will be kept for.

Can an employer ask a prospective employee to fill in a medical questionnaire?

Only after making a job offer to a prospective employee can an employer ask them to complete a medical questionnaire. The employer must make sure that they have a legal reason to ask for this information under GDPR, for example in order to establish fitness to do the particular work, to comply with health and safety obligations.

The employer must have a data protection policy in place that explains how they will comply with the GDPR principles for processing such personal data.

Do employers need to change and reissue employees’ contracts?

It’s not necessary for employers to amend contract and reissue for existing employees. However, they should issue an employee privacy notice to all current employees, overriding any now invalid data protection clauses in their contract.

Employers should update their template employment contracts with up to date clauses in line with GDPR for all new employees.

Get in touch

We love working with a variety of businesses and business owners – whether new on your business journey or well established. We are specialists in dealing with tricky HR issues as well as the essentials, like developing your policies and procedures.

Give us a call on: 01243 717693 or message us directly