Data protection issues have an impact on most HR activities, from handling recruitment and employer references to employee record-keeping and performance monitoring. So it's crucial that employers have a solid grasp of data protection principles and law, understanding how to manage data responsibly while keeping up-to-date with legal developments.

This factsheet outlines the Data Protection Act which governs data protection in the UK, the forthcoming EU General Data Protection Regulation (GDPR) changes, as well as the legal obligations of employers and individual rights surrounding access to information. It provides guidance on following good data protection practices at work and offers a practical action plan for organisations. This covers various elements, from appointing a data protection officer and auditing information systems to issuing guidelines for managers on how to gather, store and retrieve data.

CIPD viewpoint

What is data protection?

The legal position

Data protection at work

Action plan for employers

Useful contacts and further reading

This factsheet was last updated by Lisa Ayling, solicitor and employment law specialist, and by Rachel Suff.

Rachel Suff

Rachel Suff: Employee Relations Adviser

Rachel joined the CIPD as a policy adviser in 2014 to increase the CIPD’s public policy profile and engage with politicians, civil servants, policy-makers and commentators to champion better work and working lives. An important part of her role is to ensure that the views of the profession inform CIPD policy thinking in ER areas such as health and well-being, employee engagement and employment relations.

As well as developing policy on UK employment issues, she helps guide the CIPD’s thinking in relation to European developments affecting the world of work. Rachel is a qualified HR practitioner and researcher; her prior roles include working as a researcher/editor for XpertHR and as a senior policy adviser at Acas.

Explore our related content

Top