Disciplinary and grievance procedures usually involve employee personal data.
Common actions of HR and managers when dealing with grievances and disciplinary matters that could fall within the scope of the GDPR are outlined below, illustrating in practice how GDPR will have an impact.
Communications – emails can be caught by Subject Access Requests!
Grievance and disciplinary processes will require communications between managers, HR, and witnesses. If you:
- Send emails which discuss the employee with other colleagues;
- Have written witness statements about the employee;
- Hold the employee's personnel file;
then all of these documents may contain information that could be subject to a Subject Access Request (SAR). This is a common tactic employees can use to find out information that their managers or HR Directors have been withholding. You may not need to disclose the whole of the document.
Retention periods for personal data – expired written warnings and excessive data storing
Employee data should not be stored for longer than necessary. You should not be keeping information that is irrelevant, excessive or out of date. However, there are a number of disciplinary documents you may wish to keep for a longer period, such as written warnings for some years after their expiry.
You should consider having a clear retention schedule which includes the various disciplinary documents and how long these should be reviewed for. You should then have clear deadlines which will allow you to review the disciplinary documents and decide further retention periods if required. A warning that expires can be relevant to a future disciplinary hearing and sanction; it's not redundant on expiry!
Fair Hearing – sharing personal data with a representative or colleague?
One of the main parts of a fair grievance or disciplinary procedure is the ability for an employee to bring a union representative or a colleague. Their role is one of companionship but they can ask questions based on the evidence gathered. However, sharing this information and documentation with the representative beforehand may require the consent of employees, as it is likely to include their personal data.
You need to be very careful about how you distribute papers in advance of a hearing (which you may need to do for the employee, to comply with ACAS guidance). Be careful about who else receives the papers and in what format, and in particular be very careful about distributing any sensitive personal data.
The trend of Subject Access Requests (SAR) – expect an increase in SARs
There has been an increasing trend in employees making SARs. It can be used as a tactic by the employee as part of negotiating a settlement.
Recent case law shows that if a SAR is not dealt with before the end of a disciplinary process, this may make the process and subsequent action unfair.
We can help
Our Data Protection and Employment law specialists can help with reviewing your procedures and policies for employment law and GDPR compliance and any other questions you may have.