Data Protection and Employers
Employees, like any other individual (data subject), have rights under the Data Protection Act 2019 (the Act) for processing of their personal data. Employers, as a matter of best practice and data retention requirements, must have processes and procedures in place to manage applicants or employees’ personal data. The Act applies to processing of personal data of applicants, former applicants, employees, agency staff, casual staff and contract staff.
Employment records must be collected, stored, processed and deleted as per the employee (data subject) rights under the Act. Monitoring of employees, use of company telephones, emails, internet use, mobile devices and company vehicles can only be conducted as allowed under the Act.
When complying with the Act, an employer must take into account national laws and regulations, for example the Employment Act 2007 and the Occupational Safety and Health Act 2007. It is therefore important to strike a balance between the reasonable expectations of employees on how their personal data will be handled and the legitimate interests of employers processing personal data for their organisation.
In the Data Protection Training for Employers we will cover the following:
– Overview of the Data Protection Act
– Data Controller and Data Processor – Employers rights and obligations, providing relevant examples
– Principles of Data Protection, providing relevant examples
– Lawful basis for processing data in an employment relationship
– Employee’s (Data Subject) rights
– Employee (Data Subject) Access Requests (DSAR’s)
– Employment contracts and data protection
– Overview of employee data protection training
– Data Retention Guide, specifically in relation to employees
– Enforcement and breach notifications
– Office of the Data Protection Commissioner
If you need additional bespoke data protection training, please contact me and I will be happy to design a program suitable for your organisation.
Amit Gadhia
- Advocate of the High Court of Kenya
- Solicitor of the Senior Courts of England and Wales (practicing freelance)
- Certified International Privacy Professional-Europe (CIPP/E)
- OneTrust Fellow of Privacy Technology
- Corporate Governance Professional (ICSA – UK)
- Certified Company Secretary (Kenya)
- Commissioner for Oaths and Notary Public