Order by:

Showing posts added by: Grahame Davies - Remove filter, show all posts

Jun

06

GDPR Checklist

 

The EU wide General Data Protection Regulation (GDPR) became the law in the UK on 25 May 2018. This has an impact upon any employer in the UK that processes personal data. ‘Personal data’ is any information that enables an individual to be identified. ‘Processing’ includes everyday use of that data to manage employees such as keeping their contact details and using their information to pay their wages.

If you have not already considered how GDPR impacts upon your business, how you handle the personal data of your employees or want to quickly check you have covered the main requirements, we’ve prepared a brief summary of what you need to have considered to ensure you are compliant.

Although we are solely advising in respect to HR, we would emphasise that all businesses need to consider how they handle the personal data of customers and review their marketing activity generally under GDPR. Please note that this falls outside the scope of the above checklist.


Posted by: Grahame Davies
View more by: Grahame Davies Back to top

Mar

28

GDPR – An introduction for employers

 

The EU wide General Data Protection Regulation (GDPR) becomes law in the UK on 25 May 2018.  This has an impact on any employers in the UK that process personal data.

‘Personal data’ is any information that enables an individual to be identified.

‘Processing’ includes everyday use of that data to manage employees such as keeping their contact details and using their information to pay their wages.

This guide aims to provide awareness of the changes in the law and how this impacts upon how you use, store and retain data in respect to your employees.

Businesses are advised to also consider what other personal data they process and control.  They should conduct a data audit and have regard for the requirements of GDPR.  This document only covers how GDPR applies to the HR aspect of your business.

For employers the key issues to focus on are:

Privacy Notices

You must formally advise all employees (and applicants during the recruitment process) about how the personal data you hold about them is used, shared and retained. The notice needs to state what information you have, why you have it and what you use it for.

Where you share employee’s personal data with any other party, you must ensure it is made clear to the employee in the Privacy Notice.

You must have a legal reason for processing personal data and state what that is in the Privacy Notice.

The Privacy notice must be issued to all employees either individually or it can be included in your Employee Handbook.

New rights for employees

  • Subject Access Request – Employees have always had the right to request details of the personal data you have about them.  In future you must provide the information they want within 30 days.
  • Right to rectification – Employees can ask for errors in the personal data you have to be corrected.
  • Right to be forgotten – In some cases employees can ask for a personal data record to be removed. The employer needs to be able to evidence that the data has been removed.

In anticipation of these changes Opsium have prepared a template Privacy Notice document for our clients to use for this purpose and it has also been included in the up to date handbook.

Breach Reporting

If there is a data breach, meaning someone who shouldn’t have has seen or is in possession of the data, it is mandatory that you report it to the Information Commissioners Office (ICO), within 72 hours of the breach.  They can be reached on 0303 123 1113.

Penalties for breaches

A breach could result in a fine for the employer.

Registration with the Information Commissioners Office (ICO)

You do not need to officially register with the ICO as a data processor if you are only using personal data for Staff Administration.  However, you must still comply with all data protection obligations.

If your business is processing personal data for other reasons not connected with Staff Administration, the position may differ and you should take further advice.

Record of Data Processing

You should consider whether to conduct a data processing audit and record in a formal Record of Data Processing document how you manage personal data. Generally small employers are not required to create a Record of Processing document.  However your business may be required to hold a Record of Processing document in respect to your other activity when processing personal data. The ICO website indicates that:

There is a limited exemption for small and medium-sized organisations. If you have less than 250 employees, you only need to document processing activities that:

  • are not occasional; or
  • could result in a risk to the rights and freedoms of individuals; or
  • involve the processing of special categories of data or criminal conviction and offence data.

Opsium have prepared a template Record of Data Processing Activity document for employers to use for this purpose.  However this template is a starting point and will need to be edited to fully reflect the data processing activity of your business.

Data Protection Officer

Some organisations may be required to appoint a data protection officer (DPO).  However it is unlikely this requirement will apply to an employer with less than 250 staff, unless they are using personal data on a larger scale or processing special categories of data.

The ICO website states:

Under the GDPR, you must appoint a DPO if you:

  • are a public authority (except for courts acting in their judicial capacity);
  • carry out large scale systematic monitoring of individuals (for example, online behaviour tracking); or
  • carry out large scale processing of special categories of data or data relating to criminal convictions and offences.

Brexit

The Government has confirmed that GDPR rules will apply post Brexit.

How can Opsium help?

We are available to provide advice to clients on how to ensure they are compliant with GDPR from an HR perspective.

If you would like more information on how to become an Opsium client, please call our team on 0161 603 2156.


Posted by: Grahame Davies
View more by: Grahame Davies Back to top

Mar

01

GDPR is coming

 

It can’t have escaped your notice that the EU wide General Data Protection Regulation (GDPR) becomes law in the UK on 25 May 2018.  This has an impact on all businesses in the UK that process personal data. Personal data is any information that enables an individual to be identified.

Any business with employees processes personal data and therefore needs to be aware of the changes in the law and how this impacts upon how they use, store and retain data.

Businesses also need to consider their wider activities in terms of when and how they handle the personal data of clients, customers and potential customers. However, for employers the key issues to focus on now in terms HR and GDPR are:

Privacy Notices

Employers need to formally advise all employees (and applicants during the recruitment process) about their personal data process. The notice needs to state what data they hold, why they hold it and what they will use it for.

Third Parties

Where an employer shares employees personal data with a third party supplier, they need to ensure this is made clear to the employee in the Privacy Notice.

Legal Basis

An employer needs to have a legal basis for processing personal data, and needs to specifically state what that is in the Privacy Notice.

Record of Processing

All businesses need to consider whether to conduct a data processing audit and record in a formal Record of Processing document how they manage personal data in the business.

Subject Access Request

Individuals have always had the right to request details of the personal data held about them. In future such a request should now be processed for free and must be dealt with within 30 days.

Right to Rectification

Employees can ask for errors in the personal data their employer holds about them to be corrected.

Right to be Forgotten

Subject to certain limitations, individuals can ask for a personal data record to be removed. The employer needs to be able to evidence that the data has been removed.

Information Commissioners Office

It will now be mandatory for the employer to report any data breach to the Information Commissioners Office (ICO).

Registration

A new fee structure and registration process has been introduced by the ICO.  However businesses that that only use personal data for staff administration are exempt from this.

No Exceptions

Even if your business does not need to register with the ICO you still need to comply with the other data protection obligations.

If you have any questions or need further advice on getting GDPR ready please contact Opsium.


Posted by: Grahame Davies
View more by: Grahame Davies Back to top

Jul

27

Supreme Court puts an end to employment tribunal fees

 

In a shock decision, the Supreme Court have ruled that fees for bringing employment tribunal claims are unlawful and will be removed with immediate effect.

In 2013, the Government introduced fees claiming it would cut the number of weak and malicious cases, although statistics provided by the Government suggest it may have also helped to prevent legitimate cases with 79% fewer cases being brought to tribunal since the fees were introduced.

The decision, following a judicial review application by Unison, holds that the statutory order which introduced the fee system was not a lawful exercise of the Lord Chancellor’s statutory powers, because the requirement to pay tribunal fees unjustifiably interferes with access to justice, frustrates the enforcement of employment rights, and discriminates unlawfully.

While the Supreme Court held that the Lord Chancellor did have legitimate aims in introducing tribunal fees, the fee regime was not a proportionate means of achieving those aims. In fact, the Supreme Court held that for any fees to be lawful they must be reasonably affordable for low or middle income families. The current level of fees meant that claimants would need to restrict their ordinary and reasonable living expenses to afford bringing a claim.

What does this mean for employers?

Until further notice, employment tribunal fees will be null, meaning that the number of employees bringing a claim against their employers is expected to rise dramatically. No longer will they need to balance financial obligations with perceived access to justice, so as an employer you will need to ensure due diligence is undertaken whenever a decision is made which could bring about a case.

On a lighter note, for those employers who have paid fees within the last three years, the Lord Chancellor has given a legally binding promise to refund any tribunal fees, a process which is expected to begin immediately.  

Out of time applications

Employment tribunal claims for unfair dismissal or discrimination are subject to strict time limits of three months in most cases, but this judgment could potentially open the floodgates for any employee dismissed in the last three years to bring about a claim.

As the Supreme Court has already held that fees have deterred claimants from seeking access to justice, it is arguable that the tribunal will take this into account when assessing any out of time applications.  All employers need to be aware of this risk and seek advice if they hear from the tribunal in these circumstances.

What next?

If you are unsure what this judgment means for your business please don’t hesitate to contact us for more information. We will be holding a webinar on Tuesday 1st August at 12pm to discuss this decision, please click here to book your place.

We will also be releasing a free podcast where will be discussing the decision in more detail, stay tuned for more information. 


Posted by: Grahame Davies
View more by: Grahame Davies Back to top

Sep

14

Why you should have the time for zero hours contracts

 

With the recent bad press surrounding zero hours contracts, many are calling for their abolition. From Sports Direct to care staff across the UK, there has been a wide misuse of zero hours contracts, but does that mean your business should rule them out? We look at the other side of the zero hours coin to find out why they could benefit your business and staff.

Let’s start with Mike Ashley.

When he’s not alienating the St James’ Park faithful, you can find him being admonished for shoddy work conditions in front of a review committee. Conditions in his warehouses have been compared to those of a Victorian workhouse with one member of staff giving birth in a bathroom due to fear of taking time off.

While the review committee revealed many shortcomings in the way Sports Direct treated their staff, the zero hours contract has been highlighted as one of the key issues. But should it have been? 

Cameron’s contract

While many see the zero hours contract as a way for the Conservatives to fudge the employment figures, the practice has been used for decades and in other countries is often referred to as a part time or temporary work.

In truth, a zero hours contract has no legal definition and is used as an informal agreement with an employer who will provide hours when needed, but aren’t guaranteed. While some argue this is outdated and a way of oppressing workers, it’s generally beneficial for both sides.

Zero hours industries

The hospitality and retail sectors make the most use of zero hours contracts due to the peaks and troughs their industries are likely to go through during seasonality. A restaurant isn’t likely to succeed if it had to pay staff during quiet periods, therefore they need to work with their workers to effectively manage rotation to suit their busier periods.

Zero hours contractual rights

This will depend entirely on whether your staff are defined as an employee or a worker. Both are entitled to minimum wage, paid holidays, rest breaks and protection against discrimination. Employees are additionally entitled to protection against unfair dismissal, redundancy pay and time off for emergencies. Employees also need to provide a minimum notice period. 

One area of contention for zero hours workers is that they feel they are ‘punished’ for not accepting hours that are offered. This is often in the form of moving down the list when the next set of hours becomes available.

Flexibility

If you’re looking at taking on the zero hours template then it pays to be flexible. When taking on workers try to understand their availability while also getting across your expectations. For instance, if you often require someone at the drop of a hat but the worker is dependent on public transport it may be worth managing your expectations. Likewise, if someone repeatedly turns down work they need to be made aware that they will no longer be offered hours going forward.

Above all else, zero hours contracts should be reviewed on a regular basis. If you find that you have the ability to take someone on a full or part time contract, do so. It will show people that their hard work and loyalty does pay off.

Be honest regarding your requirements. A few hours a week may suit a student, but someone who has a family to support or bills to pay may find waiting around frustrating. Don’t overload with zero hours contracts as you may find that you alienate more talented individuals by playing the odds.

For more information about zero housr contracts and how best to implement them in your business please call us on 0161 603 2156. 


Posted by: Grahame Davies
View more by: Grahame Davies Back to top
Page 1 of 5

Employer Protect

Expert HR advice and assistance when you need it, coupled with insurance cover for your legal costs and awards

Find out more

How we can help

Opsium provide the advice, guidance and practical tools you need for a happy, motivated workforce

Find out more