Ch 14.4 - Providing notice

Providing notice

Whatever lawful basis is used, employers must still give employees a clear notice about how their data is used. It can sit in an employee handbook or a standalone notification on the intranet, and must be kept up to date - employees must be told when a new purpose is added.

The notice is required regardless of the lawful basis. Under the GDPR it must give enough detail for employees to understand the purposes, the legal basis, what the legitimate interests are (where that basis is used), the recipients of their data, where data will be transferred, and how long it is retained.

Deliver via an employee handbook or a specific notification given to all new joiners and available on request (e.g. on the intranet).
Keep the notice up to date and notify employees when a new purpose is added.
Include purposes, legal basis, legitimate interests (if relied on), recipients, transfers and retention periods

Key terms - quick answers

What is “Notice”?

Transparency information telling employees what data is used, for what purposes, who to contact, and what their rights are.

What is “Employee handbook”?

A common vehicle for delivering the privacy notice to staff, alongside or instead of a standalone notification.

← Processing sensitive employee data Storage of personnel records →