GDPR
What is UK GDPR?
The UK General Data Protection Regulation (UK GDPR) was introduced in January 2021. It is based on the EU GDPR, which came into effect on 25 May 2018, and applies to ‘controllers’ and ‘processors’ of personal data.
The UK GDPR was drafted as a result of the UK leaving the EU. It amended the Data Protection Act 2018 (DPA) and merged it with the requirements of the EU GDPR to form a new UK-specific data protection regime. This is a business-critical area with multiple touch points for recruiters. Put simply, you are in the business of using the personal data of clients and candidates to make introductions and arrange placements. You may also employ large workforces about whom you hold and process considerable amounts of personal data.
How do I use the toolkit?
Our toolkit has been created to provide guidance and some precedents to help you with your UK GDPR compliance. We also link to third-party documents and sites that you might find useful.
We suggest using the Toolkit documents and advice as a guide. However, we also recommend that you attend events (including APSCo meetings), and you may need external paid legal and technical advice and supplementary training for you and your staff.
Use the links below to access the most up-to-date advice and information.
What's New
ICO - Advisory check-up service
Artificial Intelligence and Employment Law Report
ICO Guidance
ICO - Joint Statement on Data Scraping and Data Protection
ICO Guidance - Content Moderation and Data Protection
ICO - Q&A on Subject Access Requests
ICO - Employment practices and data protection - Monitoring workers
ICO - 10 step guide to sharing information to safeguard children
ICO - International Transfer Risk Assessment and Tool
ICO - International Data Transfer Agreement and Guidance
Checklists and Tables
We have drafted a checklist to help you work through the issues you would need to consider. However, don’t forget the need to undertake an IT and data security audit. The ICO takes data breaches very seriously and many data breaches arise from straightforward errors and sloppy employee behaviour. Click here for more information.
Precedents and Contract Suggested Wording
UK GDPR compliance has to be bespoke to your organisation. We have drafted a generic privacy notice which contains general content relevant to the professional recruitment industry – but it might not be accurate to your business and a bespoke version must be prepared. Likewise, we can give a steer about the type of issues relevant to you when establishing a retention/deletion process and policy and a marketing policy, but ultimately the decision (and compliance risk) is yours. Click here for more information.
APSCo template terms have also been updated with UK GDPR changes and are available here.