Data Protection: a practical guide

Published July 2005, this guide helps businesses improve their information management and offers comprehensive guidance on how to comply with the Data Protection Act 1998.
Providing essential advice for all employers and of particular value to those responsible for personnel and human resource matters, this guide will help businesses improve their information management and offers comprehensive guidance on how to comply with the Data Protection Act 1998

Demystifying the Data Protection Act

Each working day, companies collect and use information about individuals which is covered by the Data Protection Act 1998.

For many companies, achieving compliance with the Data Protection Act in the employment sphere is a daunting or unappealing prospect. The Data Protection Act itself comprises six parts, 75 sections and 16 schedules. In addition, the guidance issued by the Information Commissioner to explain its application to employment records runs to hundreds of pages. In spite of this, the extent of an employer’s obligations in some areas remains unclear.

EEF's practical guide to meeting your data protection obligations

This guide aims to help Human Resources (HR) professionals navigate through the complexities of the Data Protection Act by pointing out a company’s main obligations in specific common employment situations.

It gives EEF’s view as to the practical steps for an employer to take in normal circumstances to comply with its main Data Protection Act obligations when handling employment records.

The guide does not contain a comprehensive explanation of every aspect of data protection law. Instead, taking account of the provisions of the Data Protection Act as well as the four-part Code of Practice on employment records and other position statements issued by the Information Commissioner, it gives EEF’s view of what you need to do in practice to comply with the law.

More detailed advice on particular issues is available from your EEF Association and from the Information Commissioner’s website at www.informationcommissioner.gov.uk.

Contents

Part 1: BACKGROUND

  • Introduction
  • When will the Data Protection Act apply?
  • Key obligations and principles
  • Consequences of breaching the Data Protection Act

Part 2: FIRST STEPS

  • Getting your house in order
  • Telling employees how you use their information
  • Notification
  • How long to keep records

Part 3: INDIVIDUAL RIGHTS

  • Individuals’ rights to see information about themselves
  • Disclosing information to third parties

Part 4: SENSITIVE AREAS

  • Information about health
  • Monitoring conduct and computer use
  • Other uses of sensitive information

Part 5: OTHER ISSUES DURING EMPLOYMENT

  • Recruitment and selection
  • Discipline, dismissal and grievance
  • Appraisals
  • Payroll, pensions and insurance-based benefits
  • Transferring information to other countries

Part 6: WHEN EMPLOYMENT ENDS

  • Exit interviews and references
  • Redundancies
  • Corporate transactions
  • Employment tribunal claims

Appendix 1: Sample purposes information
Appendix 2: Personal information and computers
Data Protection: a practical guide for employers

Downloads

This publication is exclusive to EEF members. If you are a member of EEF, log in to download.

Download Data Protection: a practical guide