General Data Protection Regulation (GDPR): More FAQs

More FAQs on the General Data Protection Regulation (GDPR) have been added to HR & Compliance Centre. As employers are increasingly recognising the wide-ranging impact of the forthcoming changes to data protection law, we have answered more of your questions on the new obligations.

One of the questions that is frequently being raised is on the extent to which small businesses need to prepare for the new rules. The GDPR will apply to employers of all sizes as, even if a business employs only a small number of people, a data protection breach could have major consequences, for example if its work involves processing large amounts of sensitive personal data.

The newly added FAQs are:

• What are an employer's obligations under the UK GDPR if it contracts with a third-party provider to process its employee data?
• What are an employer's obligations under the UK GDPR in relation to emails containing personal data?
• Does the UK GDPR apply to small employers?
• Does the UK GDPR affect for how long employers can keep data relating to former employees?
• Do employers need to amend employees' contracts to comply with the General Data Protection Regulation (GDPR)?
• What are an employer's obligations under the UK GDPR in relation to the processing of special categories of personal data?

Previously published GDPR FAQs cover areas including data subject access requests, recruitment data and criminal records checks.

To see all our FAQs on the GDPR, go to FAQs > Data protection > The General Data Protection Regulation.