The main legislation governing data protection is the Data Protection Act 1998 (DPA) and the Investigatory Powers Act 2016 (IPA), and a full list of applicable legislation is given at the end of these Q&As.

The DPA implements the EU Data Protection Directive, and both aim to give individuals rights in connection with the processing of manual and computerised personal data about them.

In December 2015, the EU Commission, Parliament and the Council of Ministers reached agreement on the General Data Protection Regulation (GDPR). Significant changes are proposed which will affect how all employers (and other institutions) throughout the EU deal with personal data. In May 2017 the ICO published a plan, committing to the implementation of the GDPR.

What is data protection and what are the eight data protection principles?

What is the Information Commissioner’s Office?

Where can guidance on interpreting the DPA be found?

Who are data controllers?

Does the DPA apply only to employee data?

What type of data does the DPA apply to?

Are manual personnel and other manual files likely to be covered by the DPA?

What is the procedure for a subject access request?

Can employers require people to use their subject access rights to provide certain records as a condition of employment?

What is the definition of ‘sensitive personal data’ and what additional measures must an employer take when processing it?

Do employers need to seek explicit consent from employees before processing data relating to sickness absence?

Is there any guidance on the length of time personnel records or data should be kept?

What penalties do employers face for breaching the DPA?

Can an employer video employees, or monitor calls, emails and internet use?

How should employees’ use of social media be managed?

What are the potential liabilities and risks if employees or employers misuse the communications systems?

What are the issues if employees are supplied with their own devices at work?

What changes are likely under the GDPR?

Future developments
