GDPR and Employment: do you know how the GDPR applies to your disciplinary and grievance procedures?
INSIGHTS
Disciplinary and grievance procedures usually involve employee personal data.
Common actions of HR and managers when dealing with grievances and disciplinary matters that could fall within the scope of the GDPR are outlined below, illustrating in practice how GDPR will have an impact.
Communications – emails can be caught by Subject Access Requests!
Grievances and Disciplinary processes will require communications between managers, HR, and witnesses.
If you:
- Send emails which discuss the employee with other colleagues;
- Have written witness statements about the employee;
- Hold the employee’s personnel file;
then all of these documents and information may contain information that could be subject to a Subject Access Request (SAR). This is a common tactic employees can use to find out information that their managers or HR Directors have been withholding. You may not need to disclose the whole of the document.
Retention periods for personal data – expired written warnings and excessive data storing
Employee data should not be stored for longer than necessary. You should not be keeping information that is irrelevant, excessive or out of date. However, there are a number of disciplinary documents you may wish to keep for a longer period, such as written warnings for some years after their expiry.
You should consider having a clear retention schedule which includes the various disciplinary documents and how long these should be reviewed for. You should then have clear deadlines which will allow you to review the disciplinary documents and decide further retention periods if required. A warning that expires can be relevant to a future disciplinary hearing and sanction; it’s not redundant on expiry!
Fair Hearing – sharing personal data with a representative or colleague?
One of the main parts of a fair grievance or disciplinary procedure is the ability for an employee to bring a union representative or a colleague. Their role is one of companionship but they can ask questions based on the evidence gathered. However, sharing this information and documentation with the representative beforehand may require the consent of employees, as it is likely to include their personal data.
You need to be very careful about how you distribute papers in advance of a hearing (which you may need to do for the employee, to comply with ACAS guidance) but be careful about who else receives the papers, in what format, and in particular be very careful about distributing any sensitive personal data.
The trend of Subject Access Requests (SAR) – expect an increase in SARs
There has been an increasing trend in employees making SARs. It can be used as a tactic by the employee as part of negotiating a settlement.
Recent case law shows if a SAR is not dealt with before the end of a disciplinary process, this may make the process and subsequent action unfair.
We can help
Our Data Protection and Employment law specialists can help with reviewing your procedures and policies for employment law and GDPR compliance and any other questions you may have.
About the author
RELATED
Employment law
Recognising long COVID as a disability - Burke v Turning Point Scotland
Employment law
When are serious allegations about an employee able to be made “without prejudice”?
Employment law for employers
Can long COVID constitute a disability under the Equality Act 2010?
Immigration law for businesses & organisations
Using immigration routes to tackle labour shortages
Employment law for employers
Employment incentives without the Employment Bill
Employment law for employers
UK Government issues new COVID-19 workplace guidance for England
Employment law
BEIS announces new Statutory Code on ‘Fire and Rehire’
Employment law for employers
Can a worker carry over unpaid leave taken when their employer incorrectly failed to recognise them as a worker?
CONTACT US
Call us for free on 0330 912 0294 or complete our online form below for legal advice or to arrange a call back.