If there are any specific topics you would like covered in this publication, please forward your suggestions to Adare Human Resources Management:
- Employment Case Law – each month we review a number of interesting employment law cases and consider their implications for organisations. This month we look at the Accrual of Annual Leave Whilst on Sick Leave. Read more >>>
- Workplace Relations Commission (WRC) Decisions – each month we look at and review the decisions from the WRC. This provides a valuable insight into the types of discrimination cases before the WRC and the decisions that are issued. Read more >>>
- What to Keep an Eye Out For – what is new, changing, potentially changing or what you may have missed. Read more >>>
This month marks the one-year anniversary (25th May) since the implementation of the General Data Protection Regulations (GDPR) across the EU. The GDPR saw the introduction of 99 Articles which provided for significant reforms to current data protection legislation in Ireland and the introduction of the Data Protection Act, 2018.
GDPR applies to all entities established in the EU which process personal data in the EU. As such, GDPR and the Data Protection Act, 2018 will apply to any person or Organisation which processes personal information / data related to an Employee (current or past) or an applicant for employment. However, there are exceptions to same, such as household data, deceased persons, criminal offences / safeguarding public security and/or EU common foreign and security policy.
Personal data is defined as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an indemnification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;” (Article 4, General Data Protection Regulation, 2018).
The Principles of GDPR which all entities established in the EU must adhere to are as follows:
- Obtain and process Personal Data Information lawfully, fairly and transparently – lawfulness, fairness and transparency
- Personal data must be collected for specified, explicit and legitimate purposes and not in ways incompatible with these purposes – purpose limitation
- Ensure it is adequate, relevant and limited – data minimisation
- Keep it accurate and up-to-date – accuracy
- Kept it in a form for no longer than necessary – storage limitation
- Keep it safe and secure including protection against unauthorised access – integrity and confidentiality
- The controller shall be responsible for, and be able to demonstrate compliant with – accountability
For queries relating to GDPR and data protection, contact the team at Adare Human Resource Management – firstname.lastname@example.org / 01 561 3594.