Employment law - Data protection
GDPR erasure of data response letterYou can use our letter to set out your reply to an individual's request, made under the UK GDPR, for erasure of some or all of their personal data that you hold about them. Erasure of personal dataWhere any of the g... Read more
09 Jan 2020
GDPR erasure of data request formThe UK GDPR enables individuals to make a request for the erasure of the personal data that you hold about them. You can use our form to assist them with making a request.The statutory rightUnder the UK GDPR, individu... Read more
06 Dec 2019
GDPR legitimate interests assessmentIf you intend to rely on legitimate interests as your lawful basis for processing certain personal data under the UK GDPR, you should first conduct a legitimate interests assessment.Lawful basis for processingTo pr... Read more
10 May 2019
GDPR data protection impact assessmentA data protection impact assessment is required where a new type of processing is likely to result in a high risk to the rights and freedoms of data subjects. Use our document as your starting point.What's a DPIA?... Read more
12 Apr 2019
GDPR consent to use of employee's imageNormally, you can't rely on an employee's consent as the lawful basis for processing their personal data. However, using their image in marketing materials can be an exception if they have a genuine choice about wh... Read more
12 Apr 2019
GDPR data processor clausesIf you use any third-party processors to handle employees' personal data, you must by law include a number of key written terms governing data protection in the commercial contracts you enter into with them.Processor obligat... Read more
04 Jan 2019
GDPR personal data breaches registerThe UK GDPR requires you to document all personal data breaches, whether they're notifiable to the Information Commissioner's Office (ICO) or not. Use our register to do this.Mandatory registerUnder the UK GDPR, you ... Read more
09 Nov 2018
GDPR letter notifying personal data breachAs well as notifying the Information Commissioner's Office (ICO), certain personal data breaches must also be notified to affected data subjects. Your notification to them must, as a minimum, describe the natu... Read more
13 Sep 2018
GDPR register of data subject access requestsThe UK GDPR requires you to demonstrate that you're complying with the data protection principles. Maintaining a GDPR register of data subject access requests can help you show that you're observing subject ... Read more
08 Jun 2018
Letter to ex-employee threatening to contact ICOUse our letter where you believe a former employee has taken personal data with them on leaving employment, such as client records, without your permission. Unlawfully obtaining personal data is a crimi... Read more
24 May 2018