Many companies have a legacy employment clause in their contracts for consent to process personal data.
Given the GDPR has redefined what is meant by consent; freely given, unambiguous, revocable, positive indication of agreement, it has exposed the weakness of this approach. Consent should, therefore, be considered as a last resort and only used when no other conditions can apply.
As a result, steps should now be taken to overrule this basis for processing in favour of a combination of contract, meeting a legal obligation and legitimate business interests of the controller. This can be achieved by including these in a new employer privacy notice for existing employees and by removing consent clauses from HR contract templates for the future hires.
The GDPR significantly raises the benchmark for data privacy compliance. Organisations need to take action to meet the stringent standards and demonstrate accountability, so we hope these templates help you get a step closer to this.
If you need further advice on GDPR or practical help, then get in touch with Data Protection Consulting, who is well placed to assist.
It’s also a good opportunity to take the time to remind them of the importance of data privacy and data protection best practice when it comes to handling personal data about customers or other stakeholders.
The team at Eximia are best placed to help if any assistance is needed, given our understanding of both the legislation and communications. We help turn the confusion of GDPR into practical, meaningful and digestible content and design it on brand to make it stand out and engaging.
By communicating clearly, you will demonstrate a high level of accountability, so it’s a vital step in the GDPR journey. Get started now by getting in touch.
We hope you’ve found this helpful, so please feel free to share it with colleagues or peers.