14 Years Celebrating of Client Service


Home Employers Job seekers Contact Us News

Everybody is talking about it – What are they doing about it?

The General Data Protection Regulations (GDPR), come into effect on 25th May 2018 and the Privacy and Electronic Communication Regulations 2015 (PECR) shortly thereafter. So, how does it affect you? Well many of the requirements have already been in place under the existing Data Protection Act and the PECR regulations of 2003 and you may well find that firms have not even been complying with these anyway!


The GDPR applies to the holding and use of personal data, that is, any data which can identify an individual person; much wider than you might think.

The following features apply to all:

Personal data must be held securely and there are significantly increased fines for breaches of the Regulations.

Specific action is laid down regarding notification of breaches to the Information Commissioner’s Office, notifying the individuals whose data has been affected and there could be civil actions as well as criminal prosecutions as a result of the breach.

Data holders will need to thoroughly examine their internal procedures and IT and communications systems to protect data as far as possible.

Data can only be used for the purposes for which it was provided and must only be kept for as long as necessary. It must be accurate and kept up to date.

Holders of data must have consent to use the data or have “legitimate interests” to use it. These interests have to be justified.

Employers have to be very careful how they hold and use employees’ data as consent may not be an appropriate reason for holding it.

There are specific consent rules about keeping children’s data too.

There are rules relating to the passing of data to interests outside the EU.

Individuals have the right to ask for details of the data held by a firm at no cost, the right of rectification of incorrect data and can ask for the data to be deleted (the right to be forgotten) or its use restricted.

Page 2: GDPR and its impact on recruitment