How efficiently a business operates is dependant to a large extent on its ability to process the personal data of its employees. The smart use of personal data will impact on recruitment decisions, compensation and benefits, mobility of workforce and structural growth ensuring an organisation is not only an employer of choice but also an advanced and profitable organisation.
The effect of the Data Protection Act (DPA) on how an organisation processes information on its workers is generally straightforward but in some respects it can be complex and difficult to understand.
WHO DOES DATA PROTECTION COVER IN THE WORKPLACE?
The DPA applies when an employer processes personal information about a living individual who is identifiable from that data. That includes:
- applicants (successful and unsuccessful)
- former applicants (successful and unsuccessful)
- employees (current and former)
- agency staff (current and former)
- casual staff (current and former)
- contract staff (current and former)
The DPA also applies when an organisation uses volunteers and interns.
WHAT RESPONSIBILITIES DO WORKERS HAVE UNDER THE DPA?
Workers – as well as employers – have responsibilities for data protection under the DPA.
No-one at any level should disclose personal information outside the organisation’s procedures, or use personal information held on others for their own purposes. Anyone disclosing personal information without the authority of the organisation may commit a criminal offence.
DISCIPLINE, GRIEVANCE AND DISMISSAL
The DPA applies to personal information processed in relation to discipline, grievance and dismissal proceedings.
MONITORING AT WORK
The DPA does not prevent an employer from monitoring workers, but such monitoring must be done in a way which is consistent with the DPA.
Employers – especially in the public sector – must also bear in mind Article 8 of the European Convention on Human Rights which creates a right to respect for private and family life and for correspondence.
INFORMATION ABOUT WORKERS’ HEALTH
The DPA’s sensitive data rules come into play whenever an employer wishes to process information about workers’ health. These rules do not prevent the processing of such information but limit the circumstances in which it can take place.
Employers, especially in the public sector, need to bear in mind Article 8 of the European Convention on Human Rights which creates a right to respect for private and family life.
NEW EU LAW
It is likely that proposed new regulations on data protection will impose greater restrictions on how personal data is processed; Employees may need to give express consent for their data to be processed and if that happens employers will need to consider both how consent has been obtained to date and how consent will be obtained going forward, (it may no longer be possible to rely on a signature at the end of a contract).