Do employers need to amend employees’ contracts to comply with the GDPR?

The GDPR (General Data Protection Regulation) applies as much to your employees’ personal data as it does to your customers’. After all, their information is just as vulnerable to misuse and therefore it needs to be protected.

Fortunately, you aren’t required to amend employees’ contracts to meet the new rules. So if you’ve putting that task off until now, you can relax.

That’s not to say there’s nothing you need to do, though. In fact, there are a couple of changes to your documentation that you must make to ensure that you’re GDPR compliant. Let’s take at look at those in this blog.

Revisiting your policies and processes

You should have created a privacy notice for existing and new employees when the GDPR took effect. This document provides information on the way your organisation processes personal data on customers and employees, and overrides any invalid data protection clauses in existing contracts.

The GDPR states that this document must include:

  • The purposes that the organisation processes the employee’s personal data;
  • The lawful basis for processing that information;
  • How long the information will be kept; and
  • The employee’s data subject rights.

Find out more about rights and responsibilities under the GDPR >>

Organisations might also choose to create a specific workplace policy that addresses information and guidance on how the organisation is meeting the GDPR’s compliance requirements.

Likewise, they should review and amend existing policies that address data protection – such as CCTV surveillance and the way you use monitor employees’ browsing history.

GDPR compliance support with GRCI Law

Are you looking for help meeting your GDPR compliance requirements? If so, should take a look at our Privacy as a Service solution.

Led by a team of experienced data protection officers, lawyers, barristers, and information and cyber security experts, we’ll work with you to find a tailored solution that suits your needs.

This includes help with your DPO requirements, breach notification processes and data privacy management, and support completing DSARs.