» Home » Employer Services » Employment law » During employment » GDPR and Data Protection

GDPR and Data Protection

The Data Protection Acts 1988 to 2003 currently instructs organisations on their data protection obligations.

The General Data Protection Regulation (GDPR) is due to come into effect on 25 May 2018, replacing the existing data protection framework under the EU Data Protection Directive. The GDPR emphasises transparency, security and accountability by data controllers and processors, while at the same time standardising and strengthening the right of European citizens to data privacy.

The GDPR will enhance existing individual privacy rights considerably, and organisations should review in advance their current employment practices to ensure alignment and compliance.

The Office of the Data Protection Commissioner has produced GDPR specific guidance that organisations should familiarise themselves with, in anticipation of legislative changes next year. The DPC will continue to release briefing notes for data controllers and data processors in the run up to the implementation date, and has also launched a GDPR dedicated website.

Employers are also encouraged to have a data protection policy, which includes details on the recruitment practices, use of information and communications technology, transfer of personal data, record keeping and other key issues relevant to the organisations' obligations under data protection legislation.

Preparing for a data breach under GDPR

25/07/2018 - There have been a number of high-profile data breaches reported in the media over the past year and, the sanctions and compensation levels that are enshrined in GDPR are leaving organisations fearful of dealing with these breaches.

Framework for a data protection notice

25/04/2018 - This document is a framework for a data protection notice for employees. It will need to be tailored to each organisation’s specific requirements and in particular, to each organisation’s personal data inventory. It should, therefore, be used as guidance only.

Framework for a data retention policy

25/04/2018 - This document provides a framework for a retention policy for HR records. This framework should be read in conjunction with the Ibec record keeping guideline. An organisation’s data retention policy will need to be tailored to each organisation’s specific requirements

Sample Data Protection Policy

25/04/2018 - This is a sample data protection policy. It will need to be tailored to each organisation’s specific requirements and in particular, to each organisation’s personal data inventory.

Data Protection Bill 2018 - A Summary

29/03/2018 - The Data Protection Bill aims to give further effect to the General Data Protection Regulation in the limited number of areas in which Member State flexibility is permitted. Some of the provisions most pertinent to employers preparing for GDPR are considered in this article.

Use of GPS/vehicle tracking systems and data protection

25/01/2018 - The use of GPS/vehicle tracking systems involves the collection of personal data as they record the location of the individual in charge of a vehicle at any particular time. An employer using or considering using a tracking system must be able to show a good business reason for such surveillance and may need to add a privacy switch.

New Ibec guides on GDPR issues

08/05/2017 - Ibec's GDPR taskforce have produced two new guides to help employers understand and comply with the General Data Protection Regulation that will come into force on 25 May 2018.

Are you a social media savvy employer?

12/04/2017 - These days many roles are devoted to engaging with customers across various social media platforms. It is important to train staff who are required use social media for work and to have a clear policy for those who are not.

Can an employee electronically record a disciplinary hearing?

26/02/2015 - Employers sometimes receive a request from an employee asking to make an electronic recording of a disciplinary hearing. Do they have a right to record?