In simple terms GDPR is a legal framework that sets guidelines for the collection and processing of personal information from individuals. The main UK legislation governing data protection is the Data Protection Act 2018 (DPA). The DPA reflects the General Data Protection Regulation (GDPR).
Your employer should appoint a Data Controller – this is someone within the organisation who is responsible for deciding how and why personal data is processed. The Data Controller is also responsible for ensuring that the key principles under GDPR are complied with.
The UK GDPR sets out seven key principles:
Your employer should have a GDPR policy in place which sets out how they will handle any data that they hold about you.
One particular right that employees should be aware of under the GDPR is to request a copy of personal data that their employer holds about them, which is called a data subject access request. This is commonly used where there are contentious issues involved, particularly in advance of bringing tribunal proceedings, but are not limited to such occasions and can be requested at any time. If a request is made, your employer should provide the information requested within 30 days, however it is advisable to set out the scope of the information requested, as if this is too broad your employer may be entitled to request an extension or argue that the request is unreasonable.
The Information Commissioners Office (ICO) is an independent body which promotes and enforces the DPA in the UK. If you have concerns as about how your employer is holding or processing your data, you can lodge a complaint with the ICO.
Birmingham – 0121 616 4450
Latham House | 33-34 Paradise Street |
Birmingham B1 2AJ
Gloucester – 01452 612345
Rowan House | Barnett Way | Barnwood |
Gloucester GL4 3RT
Bristol – 01454 619619
250 Aztec West | Park Avenue | Almondsbury |
Bristol BS32 4TR
West End London – 0207 486 2908
57 Queen Anne Street | West End |
London W1G 9JR
Devon – 01271 533747
The Office | Coombe Farm | Beaford |
Winkleigh | Devon EX19 8LJ
Davies and Partners Solicitors is the trading name of Davies and Partners Solicitors Limited (Company Registration No: 10385547) registered in England and Wales. Registered Office: Rowan House, Barnett Way, Barnwood, Gloucester GL4 3RT. Authorised and regulated by the Solicitors Regulation Authority and its Solicitors Regulation Authority number is 634759. A list of Directors is available for inspection at each of our offices.