Are you storing your staff’s data correctly?

Health and Safety

Women with laptops

Are you aware of how the new General Data Protection Regulation (GDPR) will affect you and your employees? Employers must comply with the new European legislation that will be taking effect from May 2018 – whilst that seems pretty far away, if your company doesn’t comply, you could be facing some pretty hefty fines!

What is the GDPR?

The GDPR will replace the existing legislation for the protection of personal data: the Data Protection Act 1998 which is considered to be in need of desperate updating. Many consider this one of the most important changes in data protection over the past 20 years, especially with the advancement of the internet and the ways in which technology has changed our entire experiences with data. Did you know, in 1998 Google hadn’t even launched as a search engine in the UK yet, that’s how out of date the Data Protection Act is! The GDPR will be in place from May 2018 and its new rules are complex, leaving quite a tight timescale for employers to implement new changes to avoid potential claims and fines.

What is personal data?

Your staff’s personal data is any data by which they may be identified from emails to documents or HR records which include their name, address or email address. As an employer, you are highly likely to be storing and processing the personal data of your staff and the GDPR aims to give greater accountability to how personal data is used. In addition to personal data, most employers will also store sensitive personal data which includes information on their health, race, religion as well as sexual orientation, this sensitive data will be subject to higher protections.


If you fail as an employer to implement GDPR, the fines are harsh and are out to prove that the GDPR is not an option but a necessity. A failure to fulfil the new obligations could result in fines to the maximum of €20 million for the largest employers or 4% of worldwide turnover, whichever is higher. Fines for small to medium sized companies are also likely to be staggering to ensure that the GDPR is given the highest level of consideration within your organisation.


The GDPR is a piece of European legislation which will apply across the entire EU and will come into effect before the proposed Brexit will take place. The UK government has confirmed that the UK will be implementing GDPR fully into UK law and has been stated as being essential by legal advisors if we wish to trade at all with the rest of Europe.

Consent and your staff rights

At present, many employers will only have a standard clause in their employment contracts that gives the employee’s consent to store and process their personal data. However, this has been criticised and under the new GDPR laws, consent must be informed, freely given, specific and unambiguous. Therefore, the standard clause that is currently being used that employees are obliged to sign will not be good enough under GDPR. The GDPR will significantly enhance the rights of employees and as ‘data subjects’, they will be give more information on how and why their data will be processed. In addition, there will be a new right ‘to be forgotten’ where employees can require you to remove their personal data from your records in certain circumstances.

Join us for a complimentary seminar

If this all seems a little overwhelming, we’re here to ensure your business is ready for the new GDPR changes and 2018! Here at The Business Centre (Cardiff) Ltd, we are back with another helpful seminar in partnership with Peninsula, who are the UK’s leading HR and Health & Safety Consultancy. The seminar is free and will ensure that your business is ready for 2018!

At the event you can expect helpful and practical advice on how to avoid the mistakes that no small business can afford to make. At the seminar Peninsula will be covering:

• Practical tips on how to store and process staff data under GDPR.

• Why staff contracts are vital for your business’s success.

• How to avoid a fine or prosecution by the Health & Safety Executive (HSE).

We understand that your time is precious as a business owner which is why we have structured the event to offer you maximum value in a single morning, you’ll leave loaded with critical information that will keep your business moving forward in 2018 and beyond!

Places are free but limited so make sure you reserve your place today to avoid disappointment! To reserve your place, please email [email protected] quoting 42421C. We look forward to seeing you!

Posted on: 13th Feb 2018