The Arrival of the new General Data Protection Regulations (GDPR)

The EU’s General Data Protection Regulations (GDPR) will come into force on 25 May 2018, replacing the UK’s Data Protection Act 1998 and will affect all employers in areas such as recruitment, subject access requests and obtaining consent from an employee to their personal data being processed.

Matthew from Consensus HR states “Data Protection is one of those areas within business that many people unfortunately do not take serious and see it as an inconvenience. However with the arrival of the new GDPR next May 2018, employers are going to need to ensure that they follow the regulations or face a possible fine of 20 million Euro’s or 4 per cent of their annual worldwide turnover”

Victoria Albon, an employment associate at law firm Dentons, explains the changes and suggests how they may be dealt with.

Will Brexit make a difference?

Business Owners with employees might wonder if they can ignore the new legislation, given its purpose and that it is an EU law. This is not an option. The GDPR will automatically become law in the UK next year, and the UK government has made clear that it will comply. Even after Brexit, the UK will want to keep the new regulation, or something similar to it, to ensure the free flow of data with its trading partners. Employers that don’t comply risk a maximum fine of 20 million Euros, or 4 per cent of their annual worldwide turnover, whichever is the greater sum. The GDPR is not going away.

What is staying the same?

The core rules of the Data Protection Act will remain. In particular, employers will continue to process data as ‘data controllers’ and that processing must comply with six general data protection principles similar to those set out in the Act, although there are significant additions. The concept of ‘sensitive personal data’ also remains, although the GDPR refers to it as “special categories of personal data”, and the concept has been expanded to include genetic and biometric data. Other key concepts will continue but will look different under the GDPR.

What is changing?

For employers and HR professionals, the key changes connected with the GDPR concern consent, subject access requests, and automated decision-making. The challenges presented by these changes are certainly not insurmountable, but organisations should begin preparing their businesses for them now, if they have not done so already, to ensure a smooth transition to the new regime.

Consent

The GDPR will require employers to obtain a higher standard of consent from individuals to their personal data being processed. Employees must give consent freely, specifically and when informed (nothing new there), but the consent must also be unambiguous and affirmative, and those giving it must be able to withdraw it easily. Where information falls into one of the ‘special categories of personal data’, that consent must also be explicit. The general consent to data processing, commonly used in employment contracts, is going to have to change.

The regulation also states that an employer cannot rely on consent when processing data. This is because there is a “clear imbalance” between the parties to an employment relationship, so employers should presume an employee has not consented freely. So, consent on its own may no longer provide a legal basis for processing employee data.

Key practical points

  • Organisations should consider using another lawful basis for processing employee data (for example, performance of an employment contract, the legitimate interest of the business, or for public sector employers, performance of a public task).
  • The lawful basis for processing the data will vary depending on the purpose – an employer should consider each occasion as a separate matter.
  • Organisations should continue to obtain consent. To rebut the presumption that an employee has not consented freely, employers should ensure the wording clearly states personal data will not be processed if the organisation does not receive consent.
  • Employers should put in place standalone agreements which employees are invited to sign in order to positively affirm their consent.

Subject access requests

Employers now receive an increasing number of subject access requests, and the GDPR presented an opportunity to ban subject access requests that were nothing more than a ‘fishing exercise’. But this has not happened, so the current case law on this issue will continue to apply. However, the regulation is a new opportunity for employers to refuse to comply with requests which are “manifestly unfounded or excessive” although there is no guidance on exactly what that phrase means.

The regulation will make subject access requests more challenging for employers to deal with. Except in certain circumstances, an employer cannot levy a charge for complying with a request, and will have to comply within one month, rather than the current 40 days.

  • Before rejecting a subject access request as “manifestly unfounded or excessive”, Manager / HR professionals should seek to narrow the scope with the employee concerned. They should consider this even where they don’t plan to reject a request; given there will be no fee and less time in which to comply.
  • The regulation provides scope to extend the compliance time limit by a further two months where a request is complex. Management / HR professionals might wish to use this provision to extend time for compliance with all but the most basic requests.
  • Larger employers, and those who receive high numbers of subject access requests, should consider the logistics of dealing with requests more quickly and, where appropriate, consider whether the organisation can change the internal infrastructure to facilitate this.
  • Organisations could also consider putting in place systems allowing individuals to access their information easily online – this is recommended as best practice under the GDPR. However, employers may find it does more harm than good to have this information readily available and should think carefully before going down this route.

Automated decision-making

The regulation introduces a new right for individuals not to be subject to decisions based solely on automated processing that have a damaging impact on them, whether legally or otherwise. Such decisions should have human intervention. Employers are most likely to face this issue when using online recruitment.

Key practical points

Employers should reconsider the use of filters, which might lead to job applications being disregarded before they are considered by a human being.

If an employer does use filters, it should ensure that job applicants have the opportunity to opt out of them on an individual basis.

If the volume of online applications is unmanageable without the use of filters, organisations should consider whether the automated decision making is necessary for entering into, or the performance of, a contract, because this is an exception to the right. Employers will need further guidance from the Information Commissioner’s Office (ICO), or from case law, to be in a better position to know whether reliance on this exception might be justifiable.

If your company needs support with ensuring its Data Protection Policy & Processes are up to date and ready for the new regulations, contact us at Consensus HR.

Mental Health: The HR Perspective

mental healthMental health has been catapulted into the headlines recently, thanks to Mental Health Awareness Week (8 – 14 May) and royal revelations from Prince Harry about seeking counselling and his support of the charity Heads Together.

There is increased awareness and openness about mental health. How should employers recruit, support and/or manage employees who are affected?

 

Recruitment

An Employment Appeal Tribunal found that the Government Legal Service’s (GLS) mandatory test (used during recruitment of lawyers) was guilty of indirect discrimination. The claimant has Asperger’s Syndrome. Her psychiatrist had made previous recommendations (in relation to her university courses) that a multiple choice format test would not be appropriate for her. As the GLS test was not available in different formats, the claimant was severely disadvantaged during the recruitment process.

The Employment Appeal Tribunal acknowledged that the GLS needed to test the core competency of ability of its candidates to make effective decisions. However, it found that a psychometric test was not the only way to achieve this.

“It is valid for employers to assess the essential skills required within a job role, “explains Matthew Pinto-Chilcott of Consensus HR. “However, the test method should adapt to the needs of individuals.”

Support

Supporting mental health in the workplace can be challenging and the issues around it are complex. Therefore, it is important that employers are aware of their legal obligations and the issues that arise. Three key issues are involved:

  • Health and safety
  • Disability discrimination
  • Personal injury claims

Employers can manage mental health issues via two key approaches: having policies and procedure in place to deal with mental health issues, and supporting employees via training (for managers especially), return to work interviews and on-going support in the workplace and during periods of absence.

“Professional advice can ensure that policies support both the organisations and its people,” says Matthew from Consensus HR. “With growing awareness and openness about mental health issues, this step is increasingly important.”

Management

Clear, honest communication between employers and employees should determine the nature of support required and the best way to provide that help. However this path relies upon individuals being open about their mental illness. Often, people are concerned about revealing their illness to their employers, leading to deliberate concealment.

Concealment is potentially a problem right from the start as people are not obliged to disclose any health issues during the recruitment process. However Employment Law Consultant Kevin J Murphy explains that if there is a contractual requirement upon an employee to disclose medical conditions which may affect their ability to do their job and the employee has concealed it, there is action you can take.

He explains: “A deliberate concealment can mean that the contract is void if there was a requirement to disclose detailed within it. Further, an employer could rely on the employee’s dishonesty as a reason for dismissal, but might need evidence of their decision to hide their illness.”

“Any dismissal on either of these grounds should still follow the ACAS Code of Practice on Disciplinary and Grievance Procedures to assist the employer to evidence that the dismissal is not based on the employee having a disability – but their dishonesty.”

Matthew from Consensus HR adds: “By thinking through the functions involved with specific job roles and adding clauses to the contract of employment, employers can achieve protection for their organisations whilst supporting the individuals involved. It’s important to get the HR basics right.”

Mental health issues within the workplace is a complex subject and one that is very important to both businesses and people. Further details are available within our article: Employees with Mental Health Issues Face a Lack of Support and Discrimination.

mental healthIf you would like to find out more and discuss your organisation’s circumstances, contact Matthew on 01462 621243 or email info@consensushr.com for an informal, no-obligation discussion.

 

 

The Apprenticeship Levy is here!

Are you thinking of taking on an Apprentice?

If yes, then as of April 6th 2017, companies with a salary bill over £3m must spend 0.5% of this amount on Apprenticeships.

You will report and pay your levy to HMRC through the PAYE process.

The levy will not affect the way you fund training for apprentices who started an apprenticeship programme before 1 May 2017. You’ll need to carry on funding training for these apprentices under the terms and conditions that were in place at the time the apprenticeship started.

For further information visit the Government Website which gives detailed information on how to implement this successfully within your business or if you would like some HR support please do not hesitate to contact us.

Apprenticeships, Apprentice, HR Support, HR Advice, Disciplinary & Grievance, Employment Contractswww.Consensushr.com,  01462 621243,  @Consensus_HR

 

 

A spare £25,000 anyone? – Employment Contracts

Employment Contracts, HR Support, HR Advice, See, SME's, Employment LawA spare £25,000 anyone?

This is what it could cost a business in a worse case scenario for not providing an employee with a Contract, read on to find out why.

Why do you need to provide them?

When we carry out Company HR Health Checks on their current HR provision, one of the main questions we always get asked is why they have to have an Employee Contract & what is the benefit to the business on making this reasonable investment when funds tend to be tight?

Here are just a few of the main answers:

An Employment Contract ensures that all of your team are fully aware of the main terms within the business and ensures everybody is fully aware of the main terms of their employment such as:

  • Name of employer and employee
  • Pay and whether it’s weekly, monthly pay etc.
  • Job description/job title
  • Pensions and pension schemes
  • Date employment and continuous employment started
  • Working hours
  • Details of any collective agreements that directly affect the employee’s conditions of employment.Employment Law
  • Disciplinary and grievance procedures following the Acas Code of Practice.
  • Job location
  • Holiday entitlement
  • Sick leave and pay entitlements
  • Appeals procedure under the Discipline & Grievance.

You are also required by law to provide employees with a written statement of terms and conditions of their employment (i.e. employment contract), within 2 months of them starting to work with you.  If this is not in place, you could be taken to an employment tribunal and fined between 2-4 weeks pay.

More importantly, if you don’t have any terms of employment put in writing for an employee and there is a disagreement later down the line about what was agreed, you could be looking at a breach of contract claim.  Compensation pay-outs for breach of contract claims can be up to £25,000 if taken to an employment tribunal or £50,000 at the High Court.  Definitely not worth taking any risks.

When we write an Employment Contract we ensure all of these areas are included but also look at what else maybe needed to suit the needs of the business such as ‘Deductions from wages’ an area that is often needed when somebody leaves the business, probation period and compassionate leave for families to name a few.

If you are worried about the contents / use of your current Contract and wish to ensure that your business is working to best practice & within the law, contact us now on 01462 621243 or alternatively complete our Contact Form by clicking here.