Data protection

Type:: FAQs

What data subject access rights do employees have under the UK GDPR?

Updated to reflect new rules on time limits for responding to data subject access requests, in place from 5 February 2026 under the Data (Use and Access) Act 2025.

Type:: Employment law guide

Data protection: data subject rights

Updated to reflect changes to automated decision-making under the Data (Use and Access) Act 2025.

Type:: Employment law guide

Data protection: remedies and penalties

Updated to reflect an expansion of the ICO's powers, introduced under the Data (Use and Access) Act 2025, in force from 5 February 2026

Type:: Employment law guide

Data protection: legal grounds for processing personal data

Updated to reflect the addition of recognised legitimate interests as a lawful ground for processing data introduced under the Data (Use and Access) Act 2025, in force from 5 February 2026.

Type:: Employment law guide

Data protection: principles for processing personal data

Updated to reflect changes made by the Data (Use and Access) Act 2025 to purpose limitation, in force from 5 February 2026.

Type:: Employment law guide

Data protection: privacy impact assessments

This guide highlights the obligation on data controllers to carry out a data privacy impact assessment for any "high risk" types of processing.

Type:: Employment law guide

Data protection: data protection officers

This guide sets out when an organisation is required to appoint a data protection officer and what the roles and responsibilities of a data protection officer are.

Type:: Employment law guide

Data protection: transferring personal data in and out of UK

This guide highlights any special considerations that apply when organisations are transferring personal data in and out of the UK.

Type:: Employment law guide

Data protection: handling personal data breaches

This guide runs through what an employer as the data controller must do in the event of an actual or suspected data breach.

Type:: Employment law guide

Data protection: privacy notices

This guide sets out the requirement for data controllers to provide data subjects with a privacy notice explaining what data they hold on them and what they do with that data.

Topics

Subtopics

New and updated

What data subject access rights do employees have under the UK GDPR?

Data protection: data subject rights

Data protection: remedies and penalties

Data protection: legal grounds for processing personal data

Data protection: principles for processing personal data

Data protection: privacy impact assessments

Data protection: data protection officers

Data protection: transferring personal data in and out of UK

Data protection: handling personal data breaches

Data protection: privacy notices

About this topic

Data protection: key resources

Employment law guide: Data protection - UK GDPR scope and definitions

Employment law guide: Data protection - principles for processing personal data

Employment law guide: Data protection - legal grounds for processing personal data

Data protection policy

How to manage the retention of employee data under the GDPR

Data protection impact assessment form

Employee privacy notice

Data protection: quick links

Policies and procedures

Letters and forms

How to - practical guidance

FAQs

Podcasts and webinars