Do you have your GDPR compliant employee privacy notice ready?

15 May 2018

By Chrissie Davis

Eximia Comms | Internal Communications | GDPR


Many companies have a legacy employment clause in their contracts for consent to process personal data.

Given the GDPR has redefined what is meant by consent; freely given, unambiguous, revocable, positive indication of agreement, it has exposed the weakness of this approach. Consent should, therefore, be considered as a last resort and only used when no other conditions can apply.

As a result, steps should now be taken to overrule this basis for processing in favour of a combination of contract, meeting a legal obligation and legitimate business interests of the controller. This can be achieved by including these in a new employer privacy notice for existing employees and by removing consent clauses from HR contract templates for the future hires.

In collaboration with Data Protection Consulting, we have created template HR privacy policies, suitable for use under the GDPR. These are available for FREE and can be accessed here.

The GDPR significantly raises the benchmark for data privacy compliance. Organisations need to take action to meet the stringent standards and demonstrate accountability, so we hope these templates help you get a step closer to this.

If you need further advice on GDPR or practical help, then get in touch with Data Protection Consulting, who is well placed to assist.

Once you have your processes in place and you have an employee privacy policy ready, then it’s time to communicate with your employees to make sure they are aware of it and understand what it means for them.

It’s also a good opportunity to take the time to remind them of the importance of data privacy and data protection best practice when it comes to handling personal data about customers or other stakeholders.

The team at Eximia are best placed to help if any assistance is needed, given our understanding of both the legislation and communications. We help turn the confusion of GDPR into practical, meaningful and digestible content and design it on brand to make it stand out and engaging.

By communicating clearly, you will demonstrate a high level of accountability, so it’s a vital step in the GDPR journey. Get started now by getting in touch.

We hope you’ve found this helpful, so please feel free to share it with colleagues or peers.

Chrissie Davis

Founder and Chartered Secretary

Explore more insights

Read more
phone Call us on 020 7420 1984 or send us a message

Subscribe for insights and updates


Key areas of interest

Increase the effectiveness of your colleague communications by receiving tips, ideas, trends, events and exclusives. We focus on quality over quantity so will never overwhelm your inbox, but you can easily unsubscribe at any time.

By clicking below, you consent that we may process your information in accordance with our ​Privacy policy​.