Employer Factsheet: General Data Protection Regulation — GDPR

Dos

Employers should:

• tell individuals the purpose for requesting and storing personal data

• tell individuals how personal data collected on them will be used and make sure that it is only used for those purposes

• always seek employees’ consent to obtain data and information about them

• treat all information and data as confidential and ensure that it is stored securely

• ensure that it is processed lawfully, fairly and in a transparent manner

• keep all personal data held on individuals up to date, relevant and accurate

• make sure the right internal procedures are in place to detect, report and investigate a personal data breach