GDPR and Data Protection
The General Data Protection Regulation (GDPR) is due to come into effect on 25 May 2018, replacing the existing data protection framework under the EU Data Protection Directive. The GDPR emphasises transparency, security and accountability by data controllers and processors, while at the same time standardising and strengthening the right of European citizens to data privacy.
The GDPR will enhance existing individual privacy rights considerably, and organisations should review in advance their current employment practices to ensure alignment and compliance.
The Office of the Data Protection Commissioner has produced GDPR specific guidance that organisations should familiarise themselves with, in anticipation of legislative changes next year. The DPC will continue to release briefing notes for data controllers and data processors in the run up to the implementation date, and has also launched a GDPR dedicated website.
Employers are also encouraged to have a data protection policy, which includes details on the recruitment practices, use of information and communications technology, transfer of personal data, record keeping and other key issues relevant to the organisations' obligations under data protection legislation.