Variation to terms and conditions
Important information about changes to your current employment documentation due to the introduction of new data protection laws
The General Data Protection Regulation (GDPR) will come into force in the UK on 25th May 2018 through a new Data Protection Act. We are committed to the principles of data security outlined in the GDPR and ensuring our compliance with our data protection obligations.
We have set out below some changes that are required because of the new laws, including a set of new policies that will come into effect on 25th May 2018.
Changes to your employment documentation
We have reviewed our current position in relation to GDPR and have identified new policies which are needed or which must replace existing ones. This law, and the UK’s own new Data Protection Act, will replace current data protection laws. Therefore, any references to the Data Protection Act 1998 in your current contractual documentation are, by way of this document, replaced with a reference to the General Data Protection Regulation and the Data Protection Act in force from time to time.
Our new policies are set out below and will come into effect from 25th May 2018:
- Data protection policy
- Communications policy
- Policy on your rights in relation to your data
- Data breach notification policy
- Subject access request policy
We have also implemented new privacy notices to be effective from 25th May 2018, which set out what personal data we use and how we use it:
- Privacy notice for employees
- Privacy notice for job applicants
Changes to your current Employee Handbook/Statement of Main Terms of Employment
1. The following clause in your employee handbook, ‘DATA PROTECTION ACT 1998’ is, with effect from 25th May 2018, replaced with:
The General Data Protection Regulation (GDPR) and the current Data Protection Act regulate our use of your personal data. As an employer it is our responsibility to ensure that the personal data we process in relation to you is done so in accordance with the required principles. Any data held shall be processed fairly and lawfully and in accordance with the rights of data subjects.
We will process data in line with our privacy notices in relation to both job applicants and employees.
You have several rights in relation to your data. More information about these rights is available in our “Policy on your rights in relation to your data”. We commit to ensuring that your rights are upheld in accordance with the law and have appropriate mechanisms for dealing with such.
We may ask for your consent for processing certain types of personal data. In these circumstances, you will be fully informed as to the personal data we wish to process and the reason for the processing. You may choose to provide or withhold your consent. Once consent is provided, you are able to withdraw consent at any time.
You are required to comply with all company policies and procedures in relation to processing data. Failure to do so may result in disciplinary action up to and including dismissal.
2. The following clause in your employee handbook, ‘THIRD PARTY INVOLVEMENT’ is, with effect from 25th May 2018, replaced with:
THIRD PARTY INVOLVEMENT
We reserve the right to allow third parties to chair any meeting, for example disciplinary, capability, grievance, this is not an exhaustive list. We will seek your consent at the relevant time to share relevant ‘special categories of data’ where it is necessary for the purposes of that hearing.
3. The following clauses in your employee handbook, ‘DISCLOSURE AND BARRING CERTIFICATES’, and ‘POLICY STATEMENT ON THE SECURE STORAGE, HANDLING, USE, RETENTION AND DISPOSAL OF DISCLOSURES AND DISCLOSURE INFORMATION’ are, with effect from 25th May 2018, replaced with:
DISCLOSURE AND BARRING CERTIFICATE(S)
Your initial employment is conditional upon the provision of a satisfactory Disclosure and Barring Certificate of a level appropriate to your post. You may be required to undertake to subsequent criminal record checks from time to time during your employment as deemed appropriate by the Company. In the event that such certificate(s) are not supplied your employment with us will be terminated.
POLICY STATEMENT ON THE SECURE STORAGE, HANDLING, USE, RETENTION AND DISPOSAL OF DISCLOSURES AND DISCLOSURE INFORMATION
During your employment, you are required to immediately report to the Company any convictions or offences with which you are charged, including traffic offences.
1) As an organisation using the Disclosure and Barring Service and/or Disclosure Scotland to help assess the suitability of applicants for positions of trust, we comply fully with the Disclosure and Barring Service/Disclosure Scotland Code of Practice regarding the correct handling, use, storage, retention and disposal of disclosures and disclosure information. We also comply fully with our obligations under the Data Protection Act.
2) Disclosure information is never kept in an applicant’s personnel file. It is always kept separately and securely in lockable, non-portable storage containers with access strictly controlled and limited to those who are authorised to see it as part of their duties in accordance with Section 124 of the Police Act 1997.
3) We maintain a record of all those to whom disclosures and disclosure information has been revealed and we recognise that it is a criminal offence to pass the information to anyone who is not entitled to receive it.
4) Disclosure information is only used for the specific purpose for which it was requested.
5) Once a recruitment (or other relevant) decision has been made, we do not keep disclosure information for any longer than is absolutely necessary in order to allow for the consideration and resolution of any disputes or complaints. Where appropriate, the Disclosure and Barring Service/Disclosure Scotland will be consulted and full consideration will be given to the data protection and human rights of the individual.
6) Once the retention period has elapsed, we will ensure that any disclosure information is immediately destroyed by secure means, i.e. by shredding, pulping or burning. While awaiting destruction, disclosure information will not be kept in any insecure receptacle (e.g. a waste bin or confidential waste sack). We will not keep any photocopy or other image of the disclosure or any copy or representation of the contents of the disclosure. However, we may keep a record of the date of issue of the disclosure, the name of the subject, the type of disclosure requested, the post for which the disclosure was requested, the unique reference number of the disclosure and the details of the recruitment (or other relevant) decision taken.
4. The clause entitled ‘Monitoring’ in the Email and Internet Policy is, with effect from 25th May 2018, amended as follows:
We reserve the right to monitor all e-mail/internet activity by you for the purposes of ensuring compliance with our policies and procedures and of ensuring compliance with the relevant regulatory requirements. This includes monitoring of any additional accounts you may be requested to set up for the purposes of performing your work tasks, which are subject to the same rules as your work email account. Information acquired through such monitoring may be used as evidence in disciplinary proceedings.
5. Any reference to the term “sensitive data” contained in your employment documentation is, with effect from 25th May 2018, replaced with “special categories of data”.