Do you have your GDPR compliant employee privacy notice ready?

Published on Tuesday 15th of May, 2018

By Chrissie Davis

I bridge the gap between corporate and creative, helping clients save time and costs, gain added value through knowledge and insight, and deliver more considered outcomes.

Find out more about Chrissie on LinkedIn.

Many companies have a legacy employment clause in their contracts for consent to process personal data.


Given the GDPR has redefined what is meant by consent; freely given, unambiguous, revocable, positive indication of agreement, it has exposed the weakness of this approach. Consent should, therefore, be considered as a last resort and only used when no other conditions can apply.


As a result, steps should now be taken to overrule this basis for processing in favour of a combination of contract, meeting a legal obligation and legitimate business interests of the controller. This can be achieved by including these in a new employer privacy notice for existing employees and by removing consent clauses from HR contract templates for the future hires.


In collaboration with Data Protection Consulting, we have created template HR privacy policies, suitable for use under the GDPR. These are available for FREE and can be accessed here.


The GDPR significantly raises the benchmark for data privacy compliance. Organisations need to take action to meet the stringent standards and demonstrate accountability, so we hope these templates help you get a step closer to this.


If you need further advice on GDPR or practical help, then get in touch with Data Protection Consulting, who is well placed to assist.


Once you have your processes in place and you have an employee privacy policy ready, then it’s time to communicate with your employees to make sure they are aware of it and understand what it means for them.


It’s also a good opportunity to take the time to remind them of the importance of data privacy and data protection best practice when it comes to handling personal data about customers or other stakeholders.


The team at EXIMIA are best placed to help if any assistance is needed, given our understanding of both the legislation and communications. We help turn the confusion of GDPR into practical, meaningful and digestible content and design it on brand to make it stand out and engaging.


By communicating clearly, you will demonstrate a high level of accountability, so it’s a vital step in the GDPR journey. Get started now by getting in touch.


We hope you’ve found this helpful, so please feel free to share it with colleagues or peers.

Liked this article? why not share it?

Related Articles