What is an employee privacy notice?
Staff have a right to privacy: UK data protection law doesn’t just cover your relationship with your customers and their data. It also covers your legal obligations towards your staff (e.g. employees, workers and other personnel) and their right to privacy. With that in mind, there will be lots of times in your company lifecycle when you will need to process the personal data of your employees. To do this lawfully, you’ll need to ensure you have an employee privacy notice, to set out how you intend to process employee (and other personnel’s) data.
Why do you need to use this employee privacy notice template?
Really important: It's essential to get this right because there can be hefty fines for breaches of data protection laws. It is a legal requirement to give certain information to data subjects via a privacy notice when you are processing their personal data. Failure to do so could have a huge impact on your business:
- Reputational damage: Mismanaged data protection practices can cost you the hard-earned trust of your employees (and potential future employees) - having a privacy notice in place is an obvious way to demonstrate to employees that you take their privacy seriously;
- Big fines: In the event of non-compliance with data protection laws, your business could be exposed to multi-million-pound fines and legal action; and
- Regulatory investigations: Employees could make a complaint that could ultimately lead to an ICO (the data protection regulator in the UK) investigation. Such an investigation would cause the ICO to look into your data protection practices and procedures in detail, and potentially take action where non-compliance is identified.
What does Docue’s employee privacy notice template include?
Content of the notice: This employee privacy notice template covers the processing of employee (and other workers') personal data in the course of their employment or engagement. As a business, you are highly likely to hold and make decisions about this personal data. To comply with data protection laws, you will therefore need to be ready to provide your employees with "transparency information" (as those laws require) about how you manage this data.
Key provisions: UK data protection laws have strict requirements about the information that a privacy notice must set out, which include:
- Controller details - the identity and the contact details of the controller (which will be the employer in the case of an employee privacy notice);
- Data protection officer (DPO) - if the company has a DPO, the contact details of the DPO must be provided to employees via the privacy notice;
- Purpose and lawful basis - the specific purposes of the processing as well as the lawful basis for the processing must be included (and where legitimate interests are relied upon as the lawful basis, details of the specific legitimate interests);
- Data sharing - employees should be given details of the recipients or categories of recipients of the personal data, if any;
- International transfers - where applicable, the fact that you are transferring personal data to a third country (i.e. a country outside of the UK and EEA), including reference to the appropriate or suitable safeguards being used for the transfer;
- Retention period - the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period; and
- Data subject rights - a privacy notice must tell data subjects what their rights are under data protection laws. This includes the right to request access to and rectification or erasure of personal data, the right to request the restriction of processing concerning the data subject or to object to processing, the right to data portability, the right to withdraw consent at any time and the right to lodge a complaint with the ICO.
You can include all of the matters listed above (plus more!) in Docue’s dynamic employee privacy notice template, to produce a legally compliant employee privacy notice.
What other internal data protection documents does my business need?
An employee privacy notice is just one document that a business needs to demonstrate compliance with data protection laws. You should also have a number of other policies and records in place, including:
Create a staff privacy notice easily with Docue
Designed by lawyers: Docue’s employee privacy notice template is lawyer-made, lawyer-maintained, and has lawyer-crafted guidelines to steer you through every stage of drafting your document. It is kept up to date to stay compliant with changing data protection laws.
Easy to use: To create your employee privacy notice with confidence and speed, simply click through the intelligent tick box options and text box answers and you’ll have a comprehensive, tailored, and ready-to-use policy in no time.