Masterclass: How to protect your employees' data

Nikita Sonecha, employment and data protection solicitor at SA Law, explains how organisations can make sure their workers' information is safe

When it comes to protecting staff data, the most important thing for employers is to be open and transparent about what they’re doing. The General Data Protection Regulation (GDPR), which came into effect in May, has been really effective at forcing employers to think about what data they are collecting and why.

It’s essential for organisations to have a privacy policy that explains how and why they collect and process data from their workforce. Staff also need access to this information, so the policy must be made easily accessible, for example on the intranet. 

Policies are also constantly being updated. The best example is employment contracts. Pre-GDPR, the law was much more open, and it effectively meant some employers could do what they wanted with their employees’ data, and that there was a general consent for them to do so. But we’ve moved away from that now, and employers need to be careful about who they give the data to.

Businesses should consider which data processors they use, and whether they want to outsource that job to a third-party supplier. They should ensure there are watertight agreements in place when it comes to what the processor can and can’t do.

Employers should put checks in place to safeguard data – even simple things like having a pop-up warning to make sure emails are being sent to the correct recipients. Another important safeguard is to limit which people have access to employee data. For example, only certain people in HR can look at specific details, while others would not have access to that information at all. 

Employers need to make sure they place more value on their employee data and don’t put protecting it to one side. The point of businesses is to make money and cater to the needs of end users, but there is an incorrect belief that customer data warrants greater protection than staff data. 

There could be a huge reputational risk if a data breach goes public, whether that’s customer or employee information, so both should be afforded the same level of safeguards.

Workers are at the heart of businesses, and organisations need to keep protecting their data at the forefront of their minds. Bosses have to make sure they have key conversations with their workforce around data protection in order to keep the dialogue open.