The government is to introduce new data protection rules under the General Data Protection Regulation (GDPR) which takes effect from 25 May 2018.

Under the GDPR businesses will have increased obligations to safeguard the personal information of individuals which is stored by the business. These rules apply to the information of customers, suppliers or employees. Generally for those who are currently caught by the Data Protection Act it is likely that you will have to comply with the GDPR.

GDPR will apply to data ‘controllers’ and ‘processors.’ Processing is about the more technical end of operations, like storing, retrieving and erasing data, whilst controlling data involves its manipulation in terms of interpretation, or decision making based on the data. The data processor processes personal data on behalf of a data controller. Obligations for processors are a new requirement under the GDPR.

The GDPR applies to personal data which is wider than under the Data Protection Act (DPA).

One key change to the current DPA rules is that those affected will have to show how they have complied with the rules. Proof of staff training and reviewing HR policies are examples of compliance.

Under GDPR, higher standards are set for consent. Consent means offering people genuine choice and control over how their data is used.

Overall, the aims of GDPR are to create a minimal data security risk environment, and to protect personal data to rigorous standards. For most organisations, this will entail time and energy getting up to speed with compliance procedures. Reviewing consent mechanisms already in place is likely to be a key priority. In practice, this means things like ensuring active opt-in, rather than offering pre-ticked opt-in boxes, which become invalid under the new rules.

Organisations will also have to think about existing DPA consents. The ICO’s advice is that:

‘You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.’

Where the current consents do not meet the new GDPR then action will be needed.

The fines for non compliance are severe at up to 20 million euros or 4% of total worldwide annual turnover (if higher).

The Information Commissioner’s Office (ICO) has published some very useful information and a 12 step planning guide to help organisations get ready ahead of the May 2018 deadline.

Internet links: ICO getting ready GDPR 12 steps.pdf

The long awaited Taylor Review of employment practices suggests that a national strategy is needed to help provide security in such areas as wages, quality of employment, education and training, working conditions, work life balance and the ability to progress at work.

One of the areas of focus relates to the ‘gig’ economy, with the report recommending the creation of a new category of worker, known as a ‘dependent contractor’, to provide additional rights and benefits for those who are currently classed as self-employed, but who work for businesses which have a ‘controlling and supervisory’ relationship with their workers.

The additional benefits would include sick pay, holiday entitlement and the minimum wage, and the new employment status would also oblige these businesses to pay national insurance contributions for these workers.

Business groups have given mixed reactions to the report’s findings, with many welcoming the focus on labour market flexibility, but also warning that some areas, including the plans to rewrite employment status tests, are a cause for concern.

However, the TUC warned that the review ‘is not the game-changer needed to end insecurity and exploitation at work’

Internet link: Taylor Review 

The Pensions Regulator (TPR) has confirmed than eight million employees have signed up for a workplace pension since the launch of automatic enrolment.

The introduction of automatic enrolment was expected to lead to around eight million workers saving more for their retirement and this milestone has already been reached with hundreds of thousands more employers still to enrol staff over the coming months.

Minister for Pensions and Financial Inclusion Guy Opperman said:

‘Reaching this eight million figure is a formidable achievement and represents a huge number of people on the path to a more financially secure retirement.’

‘But we cannot be complacent and as contribution rates rise we know there is more to be done. That’s why our automatic enrolment review, which will report back later this year, is so vital to the future of this life-changing policy.’

TPR’s report shows that at the end of June 2017, 8,165,000 workers were enrolled in workplace pensions. Darren Ryder, TPR’s Director of Automatic Enrolment, said:

‘Tens of thousands more people every week are signing up to a new workplace pension through automatic enrolment. Employers are continuing to become compliant and to remain so, allowing their staff to get the pensions they are entitled to.’

‘There are more than 500,000 more employers whose duties are still to begin over the coming months. I would urge each and every one of them to check today that they know what they need to do and when they need to do it so they can seek our help if they need it.’

If you would like help or advice on complying with your Auto Enrolment duties please do get in touch.

Internet links: Press release Report