The introduction of the General Data Protection Regulation (GDPR) in May 2018 created a single approach and framework for data protection and control in businesses. GDPR creates an onus on businesses to take responsibility for the protection of personal data they hold - and to demonstrate that they have done so.
We regularly advise clients on how to store personal data they process so that it conforms to the rules of the GDPR, as well as providing robust and practical advice on how to demonstrate they have done this. The steps a business needs to take can range from documentation to show how the business is monitoring employees, to policies on how the business stores data and the use of social media by employees.
We have a wealth of experience in working on data subject access requests and we have a standalone data protection team who are able to provide further technical expertise in this domain. Together we regularly advise clients on processing and controlling personal data in compliance with the GDPR and ensuring employers have robust privacy policies in place, as well as GDPR compliant wording in their employment or consultancy agreements.