Data protection legislation permeates all areas of a business and can have a significant impact on its day-to-day operation. With our help, businesses will be confident that they have the necessary processes, procedures and documents in place to achieve compliance.

The GDPR and Data Protection Act 2018 together create a regime that governs the processing by data controllers of personal data relating to data subjects. A business processes personal data relating to customers, suppliers and website users. However, businesses are likely to process significantly more data in relation to employees. Data processed relating to employees might include:

  • CCTV footage
  • Data on their work computer (including emails)
  • Data from telephone calls and text messages
  • Data held in hard copy, such as personnel files


This type of data is likely to be unstructured, which creates a particular challenge for an employer seeking to comply with the principles relating to data protection. Employers, as data controllers, are required to comply with a set of principles for processing personal data and, in addition, are required to show how they have complied with the principles. These principles form the core of the obligations of the data controller and will usually form the basis of any claim that a data controller has not complied with its statutory duties.

Lawfulness, fairness and transparency. Personal data must be processed lawfully, fairly and in a transparent manner in relation to the data subject.

Purpose limitation. Personal data must be collected only for specified, explicit and legitimate purposes. It must not be further processed in any manner incompatible with those purposes.

Data minimisation. Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.

Accuracy. Personal data must be accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that data which is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay.

Storage limitation. Personal data must not be kept in a form which permits identification of data subjects for longer than is necessary for the purposes for which the data is processed.

Integrity and confidentiality. Personal data must be processed in a manner that ensures its appropriate security.

Accountability. The data controller is responsible for, and must be able to demonstrate, compliance with the other data protection principles.

We provide proactive support for employers to ensure these obligations are met. We can advise on conducting an initial data processing audit, analysing the results and determining the extent of GDPR compliance. Where any failures to comply are identified, we will assist the employer with the steps it needs to take to achieve GDPR compliance. This might include preparing bespoke internal and external policies and documents and providing training.

In addition, we advise employers that have received requests from data subjects exercising their rights under GDPR, including subject access requests, and employers that have breached GDPR or the Data Protection Act 2018.

The employment law experience you require

MS Rubric’s specialist employment law lawyers have the extensive experience and knowledge you need. Call us today on 01454 800 008.
