
Ensuring compliance from an employer’s perspective


Posted on 08 Mar 2018

Although employers currently have a duty under the Data Protection Act (DPA) to comply with the data protection principles, the General Data Protection Regulation (GDPR) goes further: Article 5(2) requires employers to demonstrate that they comply with those principles.

Article 24(1) GDPR requires employers to “implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation”.

All businesses will process large amounts of employee personal data to perform routine business functions such as performance reviews, payroll and insurances.

Steps to take to demonstrate that your business is complying with GDPR

  • Conduct a detailed data protection audit to ensure you understand how you use the personal data of employees. Identify the types of personal data, how it’s collected and stored and identify any third parties to whom it’s transferred
  • Review contracts of employment, amend where necessary and ensure they refer to the necessary policies
  • Implement new policies or review those already in place. The most important is the Privacy Policy, which must now include further requirements that weren’t previously necessary; a data breach policy is also highly recommended. Other policies which will assist are “bring your own device”, “home and remote working” and “removal of personal data from the premises”
  • Train your employees to ensure they understand their responsibilities and bring the policies to their attention
  • Keep records and ensure they are kept up to date
  • Put ‘Data Sharing Agreements’ in place e.g. with pension providers



  • GDPR will apply from 25 May 2018
  • It is mandatory to notify the ICO of a breach (unless no risk to data subject)
  • The notification must be made within 72 hours of detection
  • Sanctions of up to €10,000,000 or 2% of annual worldwide turnover for minor breaches, and up to €20,000,000 or 4% of annual worldwide turnover for big data breaches
  • The ICO has the ability to audit
  • Risk of damage to your business reputation



If you need further advice or assistance please contact Juana Eastwood in order to obtain a competitive fixed fee quote.

Juana Eastwood
Solicitor, Commercial Team
Tel: 01745 586833
Email: juanae@swaynejohnson.com


A solicitor who specialises in the acquisition and disposal of commercial property. Acts on behalf of landlords and tenants in relation to commercial leases, and also deals with business sales and purchases.

Juana also drafts contracts of employment as well as staff handbooks which detail varying policies and procedures.  Juana acts for both employers and employees in relation to drafting and negotiating settlement agreements.
