Category Archive: Employment

Government publishes Statement of Intent on proposals for new data protection laws

On 7 August 2017, Government publishes its Statement of Intent (SoI) on ‘A new Data Protection Bill: Our planned reforms’. The SoI states that implementation of the GDPR and repeal of the Data Protection Act (DPA) will be done in a way that so far as possible preserves the concepts of the DPA to ensure that the transition for all is as smooth as possible while complying with the GDPR in full.

The Government has 3 main objectives in its approach to data protection law as we prepare to leave the European Union – (1) Maintaining trust; (2) Future trade; and (3) Security.

DLA Piper’s Data Privacy team has published a blog on the SoI here. The key aspects from an employment perspective are as follows:

Rights of individuals

The Bill aims to better protect UK citizens through a combination of new and strengthened existing rights:

  • Privacy – rules around consent are being strengthened and subject to additional conditions such as being unambiguous and easy to withdraw;
  • Improved data access – it will be easier for individuals to require an organisations to disclose the personal data it holds about them at no charge;
  • Right to be forgotten – individuals will be able to ask for their personal data to be erased; and
  • Profiling – individuals will have greater say in decisions that are made about them based on automated processing.

Requirements for organisations

Requirements will be strengthened or amended to reflect the changing nature and scope of the digital economy. The aim is to build accountability but with less bureaucracy – administrative and financial burdens will be alleviated but there will be increased requirements for data breach notification. The Bill will help to reduce business exposure to risk of data protection breaches and associated fines and reputational damage and will provide a clearer regime for data processing.

Regulator’s powers

The Information Commissioner will retain existing powers and gain additional authority to impose greater sanctions in the event of data breach.

Exceptions and derogations

The Government conducted a ‘Call for views’ on the GDPR derogations which closed on 10 May 2017. The Bill will exercise the available derogations in the GDPR. The most notable are:

  • Giving consent to process data and protecting children online – children aged 13 or older will be able to consent to their personal data being processed;
  • Processing criminal conviction and offence data – the Government will legislate to extend the right to process personal data on criminal convictions and offences so as to enable organisations other than those vested with official authority to process criminal conviction and offences data. It will take a similar approach to that taken for the processing of sensitive categories of data.
  • Automated decision making – the Government will legislate to implement the exemption where suitable measures are put in place to safeguard an individual’s rights, freedoms and legitimate interests eg in relation to a bank check creditworthiness before agreeing to provide a loan; and
  • Research – research organisations will not have to respond to SARs when this would seriously impair or prevent them from fulfilling their purposes; they will not have to comply with an individual’s rights to rectify, restrict further processing and object to processing where this would seriously impede their ability to complete their work and provided that appropriate organisation safeguards are in place to keep the data secure.


The full detail of how the Government intends to implement the GDPR in the UK to ensure that data transfers to and from Europe post-Brexit are protected will not be clear until the text of the Bill is published. There are welcome indications that the Bill will deal with some aspects of the GDPR which could otherwise have been problematic for UK employers such as the prohibition on processing data about criminal records. It remains to be seen whether the Bill will deal with other problem areas such as the GDPR’s lack of exemptions to data subject access requests which could lead to employers being required to disclose privileged information. However, the SoI is helpful in further articulating the UK Government’s commitment to the adoption of the GDPR both pre- and post-Brexit.

Permanent link to this article:

Holiday pay must include payment for any voluntary overtime normally worked

In the latest instalment to the litigation surrounding the correct calculation of holiday pay, the EAT has held that payment for voluntary overtime that is normally worked is within the concept of ‘normal remuneration’ and should therefore be taken into account in calculating holiday pay for the 4 weeks of holiday provided for by the Working Time Directive (WTD). This is the first binding decision in England and Wales on the issue of voluntary overtime.

In Dudley Metropolitan Borough Council v Willetts and others, the tribunal considered whether a number of different payments should be treated as forming part of a worker’s ‘normal remuneration’ for the purposes of WTD holiday. Each of the following elements was in dispute i) out-of-hours standby pay; (ii) call-out allowance; (iii) voluntary overtime; and (iv) mileage or travel allowance.

In this case, the claimants were employed in a number of different roles with set contractual hours. However, the claimants were also able to volunteer to perform additional duties which their contracts of employment did not require them to carry out. In effect, they could drop on, or off, a rota to perform on-call and additional overtime work as they so wished, essentially to suit themselves.

The employment tribunal had held that, in line with previous case law, when calculating holiday pay it was required to take into account anything ‘required of the claimant under his contract of employment which is intrinsically linked to the performance of the required tasks’ but that it could not take account of ‘occasional or ancillary costs’.

Applying this to the facts of the case, the employment tribunal had found that out-of-hours standby pay and call-out allowances did form part of the claimants’ normal remuneration and should therefore be included in holiday pay. In relation to voluntary overtime, the employment found that it formed part of normal remuneration for employees who undertook it regularly. For travel allowances, the tribunal held that any part of the allowance which is subject to tax as a benefit in kind would be part of normal remuneration. These findings were appealed to the EAT.

The EAT upheld the findings of the tribunal. It said that EU law requires that normal (not contractual) remuneration must be maintained in respect of the 4 weeks’ WTD leave – the purpose of this requirement is to ensure that a worker does not suffer a financial disadvantage by taking leave which is liable to deter them from exercising their right to take that leave. The EAT said that the ECJ had confirmed that for payment to count as ‘normal’ it must have been paid over a sufficient period of time and that this is a question of fact and degree. Normal remuneration would not include items which are not usually paid or are exceptional.

The EAT said that the test for establishing ‘ normal remuneration’ is not solely dependent on a link between pay and the performance of duties required by the contract of employment; it said that, if there is an intrinsic link, that is decisive of the requirement that it be included within normal remuneration. However, it is a decisive criterion but not the, or the only, decisive criterion. An absence of an intrinsic link does not automatically exclude a payment from counting, a position which it said is supported by the fact that payments personal to an individual such as those relating to seniority and professional qualifications count for normal remuneration purposes even though they are not intrinsically linked to the performance of the tasks that the worker is required to carry out.

The EAT went on to say that excluding payments for voluntary work normally undertaken would amount to an excessively narrow interpretation of ‘normal remuneration’ which would risk a worker suffering a financial disadvantage which might then deter them from taking holiday. In a case where the pattern of work – though voluntary – extends for a sufficient period of time on a regular and/or recurring basis so as to justify the description ‘normal’ it will need to be included in holiday pay. It will be for the tribunal to determine whether any such payments are regular and settled enough to amount to normal remuneration.

In the alternative, the EAT said that even if an intrinsic link was required, that link did exist in this case; without a contract of employment the arrangements for voluntary overtime would not exist. The EAT said that once an employee started working a shift of voluntary overtime they were performing tasks required of them under their contracts of employment, even if there was also a separate agreement.

In relation to call-out allowances, the EAT again upheld the findings of the tribunal that these were normal remuneration; it said that if the payments are normally paid they must be included in holiday pay to ensure there is no financial disadvantage to the worker as a result of taking the leave. For out-of-hours payments, the EAT again held these should be included in normal remuneration, emphasising that the focus is on normal remuneration, and not the normal working week. It repeated that whether a payment is normal is a question of fact and degree and that questions of frequency and regularity are likely to be relevant. The EAT had no difficulty with concluding that a payment is normally made if paid over a sufficient period of time on a regular basis, even if it is not paid very frequently. The EAT said that it did not accept that if workers have the opportunity to take annual leave in weeks with no overtime or out-of-hours shifts this would mean they were not deterred from taking holiday. A deterrent effect could be inferred from the reduction in remuneration itself.

Impact for employers

The outcome of this case is not surprising, following the recent trend in case law on the correct
calculation of holiday pay. However, its binding status as an appellate level decision, does also bring
some clarity to the issue of the inclusion of voluntary overtime payments in holiday pay.

Employers may still face practical difficulties with some payments, however, in determining whether,
as a matter of fact and degree, they do constitute ‘normal remuneration’ and, if so, in then determining the appropriate reference periods to make the relevant calculations.

Employers will also need to consider carefully how holiday pay is dealt with in the employment particulars required by section 1 Employment Rights Act 1996, which states that the particulars relating to holiday pay must be ‘sufficient to enable the employee’s entitlement ….to be precisely calculated’.

Permanent link to this article:

Supreme Court ends employment tribunal fees with immediate effect

Employment tribunal fees were introduced for the first time in July 2013, and have been subject to challenge ever since. Over the course of the last 4 years, UNISON has launched two judicial reviews, both of which were unsuccessful in the High Court.  In 2015, UNISON’s appeal to the Court of Appeal failed.   Leave to appeal to the Supreme Court was granted and, following a two day hearing earlier this year,   this long running saga finally ended today when the Supreme Court decided to unanimously uphold UNISON’s appeal.

UNISON had asserted, and the Supreme Court agreed, that the 2013 statutory instrument implementing employment tribunal fees (the Fees Order) is unlawful for three reasons:-

  • First, it restricts the right of individuals to be permitted access to justice. Such a restriction is only lawful if it can be shown to be a proportionate means of achieving a legitimate aim, a test which, the Supreme Court decided that employment tribunal fees do not satisfy.
  • Second, the Order is inconsistent with the primary legislation under which it is implemented and frustrates Parliament’s intention both to provide individuals with substantive employment rights and to provide an accessible and affordable venue in which to enforce those rights.
  • Third, the fees regime discriminates directly against women and there is no objective justification for this discriminatory effect.

Largely the arguments at the Supreme Court centred on whether or not the fees regime could be objectively justified.  That is to say, whether or not the regime pursued one or more legitimate aim and if the regime was a proportionate means of achieving those aims.  The Government’s aims in introducing fees included transferring a portion of the costs of the tribunal service to end users and encouraging people to use alternative services to resolve disputes. Although the Court accepted that these aims were legitimate, it fully upheld UNISON’s contentions that the regime was disproportionate. The Court found that the level of fees under the regime has acted as a deterrent to claims and imposed an unjustifiable intrusion into access to justice. As such, the Court declared the regime unlawful under both UK and EU law.

What happens next?

  • As a result of its decision, the Supreme Court has quashed the Fees Order, which means that, with immediate effect, fees will no longer be chargeable for claims in employment tribunals.   Naturally, this is likely to lead to a rise in the number of disputes between employers and employees which reach the employment tribunal.
  • The Government had previously given an undertaking to repay all fees paid under the regime from its July 2013 implementation date if the fees regime was subsequently found to be unlawful. The Supreme Court confirmed today that this undertaking will now be fulfilled.
  • Although this cannot be predicted with any certainty, it is possible that the Government may, in future, seek to implement a revised fee regime which takes account of the need for proportionality.     Given the outcome of the Supreme Court case, the Government may prefer to implement any new regime via an Act of Parliament, rather than using an Order.  This would, of course, require the regime to be debated and approved by Parliament; a process which would be likely to affect the shape of any new regime.

Update – 9 August 2017

By way of update, on 9 August 2017, the President of the Employment tribunals issued Case Management Orders ordering that all claims or applications brought to the Employment Tribunal in England, Wales and Scotland in reliance upon the decision of the Supreme Court in R (on the application of Unison) v Lord Chancellor  will  be stayed (sisted, in Scotland) to await decisions of the Ministry of Justice (MoJ) and Her Majesty’s Courts and Tribunals Service (HMCTS) in relation to the implications of that decision.  Anyone who wishes to make representations in relation to the further conduct of these claims or applications is ordered to apply to the Regional Employment Judge for the relevant Employment Tribunal region or, in Scotland, to the President of Employment Tribunals (Scotland).

The impact of these Orders appears wide enough to  include applications for refunds of fees and claims that were rejected or dismissed because fees were not paid. It may also cover new claims which had not been brought previously because of fees and in which an extension of time is now sought.  However, the Orders’ Preamble do have regard to rules 11 and 40 of the Employment Tribunals (Constitution and Rules of Procedure)  Regulations 2013 which relate to rejection or dismissal of claims for non-payment of fees (or absence of remission) which suggests that the scope of the Orders may be limited to reinstatement of claims that were previously struck out or dismissed for non-payment of fees.  We must now await the decisions of the MoJ and HMCTS.


Permanent link to this article:

Government publishes proposals for EU nationals

After many months of speculation about the Government’s proposals for European nationals[1] currently living and working in the UK, the Government has now published its Policy Paper setting out its plans.  This is welcome news to employers employing European nationals in their workforce. Whilst the terms of the Policy Paper are still, of course, subject to negotiation with the EU (and an expectation that they will be reciprocated),  they do at least serve as a useful guide to the Government’s current stance.

It is critical that employers keep up-to-date with the latest information. During this period of uncertainty, reassurance of workers is likely to be key in order to prevent loss of talent and to ensure business needs can continue to be met. Employers should therefore have a plan for keeping on top of the latest developments and a communications strategy for liaising with their staff so that the workforce has accurate information about the latest position and knows where it can find out further details, both internally and from external sources.   Regular meetings and/or notices, and the appointment of a go-to person within the organisation are both likely to be helpful in this regard.

Here is a summary of the key proposals at this stage:

  • Until the UK leaves the EU, EU nationals will continue to have the same rights to live and work in the UK as they have now;
  • At this stage, EU nationals do not need to apply for any documentation to evidence their right to stay in the UK. The existing regime will be replaced by a new process. European nationals may decide to access this new scheme before the UK’s exit from the EU but they do not have to do so. The new scheme is expected to be up and running in 2018;
  • EU nationals, who have been continuously resident in the UK for at least 5 years by the cut-off date[2], will eventually be required to apply for a residence document (regardless of whether they already hold a certificate of permanent residence) which will be proof of their right to live and work in the UK. This residence document will give the individual a new ‘settled’ status;
  • EU nationals, with settled status and at least 6 years’ residence in the UK, will be able to apply for British citizenship;
  • EU nationals, who have been living in the UK for less than 5 years at the cut-off date, will eventually be required to apply for a temporary status to give them permission to remain in the UK. Once 5 years’ residence has been achieved, the individual will be able to apply for settled status;
  • The Government plans to grant a period of ‘blanket residence permission’. This means that immediately upon the UK exiting the EU, all EU nationals already lawfully living in the UK will be given time to apply for their new immigration status. The timeframe is to be confirmed but is expected to be up to 2 years, primarily to avoid a rush for applications;
  • Family members[3] (including non-EU nationals) of European nationals who are resident in the UK before it exits the UK will also be eligible to apply for settled status (if resident for 5+ years) or leave to remain (if resident for less than 5 years);
  • European nationals who come to live in the UK after the cut-off date will be subject to new rules which have yet to be confirmed. The Government has stated that whilst these EU nationals will be allowed to remain in the UK for a temporary period, they should not have any expectation of being guaranteed a right to remain in the UK;
  • The application process to establish immigration status will be modernised and streamlined, and fees will be set at a reasonable level;
  • For benefits purpose, European nationals with settled status will be treated in the same way as comparable UK nationals. European nationals with temporary leave to remain pending the achievement of settled status will be able to access benefits on the same basis as they do now (which is broadly comparable access for workers and limited access for those not working).

If you would like to discuss the impact of Brexit on European nationals in your workforce, or how we might assist with your internal communications strategy, please email Kate Hodgkiss.


Useful links:

Policy paper: Safeguarding the position of EU citizens living in the UK and UK nationals living in the UK (June 2017)

Policy paper factsheet: Rights of EU citizens in the UK (June 2017)

Government guidance: Status of EU citizens in the UK: What you need to know

Email alerts: Status of EU nationals in the UK

[1] In this article, European nationals denotes nationals of the EU, EEA and Switzerland

[2] The cut-off date has not yet been confirmed but is proposed to be no earlier than 29 March 2017, and no later than the date of the UK’s exit from the EU

[3] Family members include direct family members (spouse/civil partner, direct dependants in the descending line (under 21 or dependent), direct dependants in the ascending line) including those with retained rights and extended family members whose residence has been previously facilitated by the Home Office


Permanent link to this article:

Taylor Review report into employment practices in the modern economy published

The Taylor Review’s final report on employment practices in the modern economy has been delivered to Government and published on 11 July 2017. The Review panel, chaired by Matthew Taylor, has made a number of recommendations for specific measures which the Review panel would like to see enacted as soon as possible, but also makes the case for longer term strategic shifts. As an overarching principle, the report issues a call to sign up to the ambition that all work will be good work as measured against six high level indicators of quality: wages; employment quality; education and training; working conditions; work life balance; and consultative participation and collective representation.

Seven key policy approaches

The Review sets out seven key policy approaches towards fair and decent work which underpin the panel’s recommendations, broadly as follows:

  1. Our national strategy for work should be explicitly directed toward the goal of good work for all. The same basic principles should apply to all forms of employment: there should be a fair balance of rights and responsibilities, everyone should have a baseline of protection and there should be routes to enable progression. Over the long term taxation of labour should be more consistent across employment forms whilst improving the rights of the self-employed;
  2. Platform-based working offers opportunity for genuine two-way flexibility and should be protected whilst ensuring fairness. Worker status should be maintained (but re-named dependent contractor’ status) but we should be clearer about how to distinguish workers from the self-employed;
  3. The law should help firms make the right choices and individuals to know and exercise their rights. Dependent contractors need additional protections and we need stronger incentives for firms to treat them fairly;
  4. The best way to achieve better work is responsible corporate governance, good management and strong employment relations rather than regulation;
  5. Everyone should feel they have realistically attainable ways to strengthen future work prospects through training;
  6. The UK needs a more proactive approach to workplace health; and
  7. The UK needs sectoral strategies to ensure that people are not stuck at the living wage minimum.

The report makes the following practical recommendations to further these principles:

Employment status

Determining employment status must be simpler, clearer and give individuals and employers more information.The report notes that how the law on employment status is interpreted varies widely and that legislation must do more to improve clarity. The report refers to the current tests and factors which determine employment status, namely personal service, mutuality of obligation, control and whether the individual is carrying out a business undertaking and suggest that if the Government considers these to be an accurate reflection of the main characteristics of employment status, they should be outlined in legislation. The detail underpinning these high level criteria should be specified in a way which can be updated quickly, such as secondary legislation or guidance.

Worker status

The Review favours maintaining the existing three-tier approach to employment status with employees, the self-employed and an intermediate status (currently worker) between the two but recommends re-naming the intermediate status as ‘dependent contractors’. There should also be a clearer distinction between employees and dependent contractors, with a clearer definition of dependant contractors which better reflects the reality of modern working arrangements. The report specifically recommends removing the requirement for personal service and giving control greater importance. Essentially, people working for a firm that has a controlling and supervisory relationship with them should have to treat them as workers.The report also recommends extending the right to a written statement of basic terms and conditions, including holiday, sick pay and pension, at the start of employment to dependent contractors and introducing a standalone right to bring a claim for compensation if the employer fails to do so.The report also recommends the development of an online tool to provide an indication of employment status similar to HMRC’s online tool for tax status.

The ‘gig’ economy

Recognising that the proposed change to the test for worker status would potentially bring many more individuals in the so-called gig economy within worker status, who would then become entitled to the National Minimum Wage (NMW), the report recommends changes to how the NMW is calculated in order to preserve flexibility. under this proposal, firms would not have to pay workers the minimum wage for every hour that they are, for example, logged onto a platform. Instead, Taylor is recommending that the Government adapt the piece rate legislation to enable platforms to compensate workers based on output provided they are able to show that the average worker receives 1.2 times the minimum wage, that workers can choose when they work and that they get real-time information about how much they are likely to earn on a shift.The report also recommends that Government should strongly encourage gig platforms to enable individuals to be able to carry approval ratings with them when they move from the platform.

Tax and the rights of the self-employed

The report recommends that renewed effort should be made to align employment status with tax status, and also calls for a debate about how labour is taxed. The employed are currently taxed more than the self-employed, which the Government had proposed to address by putting up national insurance contributions for the self-employed, until a backlash forced it to drop the idea in March. Taylor believes that the level of NICs paid by employees and the self-employed should be moved closer to parity, but that the self-employed should have additional rights, particularly to parental leave.

Zero hours contracts and casual work

The report does not recommend banning zero hours contracts, but does recommend that people engaged on zero hours contracts should have the right to request fixed hours with a starting assumption of the average hours worked over the previous 12 months. Companies should have to publish information about how many such requests are received and granted.The report also recommends that the Low Pay Commission should consider the introduction of a higher rate of NMW payable for hours which are not guaranteed as part of the contract.The report also recommends increasing the maximum gap between work assignments which will not break continuity of employment from one week to one month (or potentially longer in specific circumstances) to make it easier for casual workers to qualify for employment rights.

Paid holiday

The report recommends increasing the reference period for the calculation of holiday pay to 52 weeks so that casual workers receive holiday pay based on their average earnings over the year. The report also recommends that individuals should have the choice to be paid rolled-up holiday pay, meaning that a dependent contractor could choose to receive a 12.07% premium on pay rather than being paid during holiday periods.

Statutory sick pay and sickness absence

Statutory sick pay should be reformed so that it is explicitly a basic employment right for which all workers are eligible regardless of income from day 1, payable by the employer and accrued on length of service. Employers would no longer face liability for long periods of paid sick absence for those who have only worked for them for a short period, but many more workers would be entitled to receive SSP.The report also recommends that individuals with a relevant qualifying period should have the right to return to the same or a similar job after a period of prolonged ill-health, similar to the current protection for employees returning from parental leave.

Agency workers

The report recommends that agency workers should have the right to request a direct contract of employment with the hirer if they have been placed with the same hirer for 12 months, with the hirer required to consider requests reasonably.The report also recommends removing the so-called ‘Swedish derogation’ from the agency workers regulations. At present, if the agency engages an agency worker on terms which provide for payment between assignments, the agency worker is not entitled to be paid the same as a permanent member of staff doing the same job after 12 weeks.

Family-friendly rights and flexible working

The report recommends that the Government should review and consolidate guidance on the legislation which protects workers who are pregnant or on maternity leave and consider further options for legislative intervention on pregnancy and maternity discrimination.The Government should also consider how to further promote genuine flexibility in the workplace, for example whether the right to request flexible working should cover temporary changes to contracts.

Employee representation

The report recommends that the Government should examine the effectiveness of the Information and Consultation Regulations, extend them to cover workers and reduce the threshold for employee requests from 10% to 2%. Government should also work with Investors in People, ACAS and trade unions to promote development of better employee engagement and workforce relations.

Transparency and reporting

Government should require companies of a certain size to publish information to:

  • Make public their model of employment and use of agency services beyond a certain threshold;
  • Report on the number of requests received and agreed to from zero hours contract workers for fixed hours;
  • Report on the number of requests received and agreed from agency workers for permanent positions.

Enforcement and employment tribunals

Taylor recommends that there should be a new, fee-free procedure for workers to get a ruling on their employment status from an employment tribunal at an expedited preliminary hearing. The burden of proof should be reversed where status is in dispute so that the employer has to prove the individual is not entitled to the relevant employment rights.

The Government should also create an obligation on employment tribunals to use aggravated breach penalties and costs orders against employers who have already lost an employment status case on broadly comparable facts where further individuals bring claims. Government should allow tribunals to award uplifts in compensation if there are subsequent breaches against workers with the same or materially the same working arrangements.

The Government should take action to enforce tribunal judgments and establish a name and shame scheme for employers who do not pay tribunal awards within a reasonable time.

The report recommends that in the long term HMRC should take responsibility for enforcing holiday pay for those on low pay and the Government should consider whether unauthorised deductions claims should also be state-enforced. HMRC should also take enforcement action to stamp out unaid internships.

Next steps

Although the Queen’s Speech made no specific commitment to bring forward legislation to implement the Taylor Review’s recommendations, it is widely predicted that the Government will take action to implement at least some of the Review’s proposals. However, without a majority, legislation in this area may be difficult to push through. Speaking at the launch of the report today, the Prime Minister said “When I commissioned this report I led a majority Government in the House of Commons. The reality I now face as prime minister is rather different. In this new context, it will be even more important to make the case for our policies and our values, and to win the battle of ideas both in parliament as well as in the country“.

Permanent link to this article:

Queen’s Speech unveils employment law changes

Today the Queen unveiled the Government’s legislative programme for the new two-year Parliament. This included a number of employment law reforms, aside from the impact of Brexit:

  • There will be a new national policy on immigration. However, there is currently very little detail about what the new policy will be. The Conservative party manifesto included an objective to reduce annual net migration to below 100,000, a commitment to double the Immigration Skills Charge levied on companies employing migrant workers to £2,000 a year by the end of the Parliament and to ask the independent Migration Advisory Committee to make recommendation about how the visa system can become better aligned with the Government’s modern industrial strategy, with a view to setting aside significant numbers of visas for workers in strategically-important sectors, such as digital technology. However, future immigration policy is an area where the DUP may seek to exert some influence and the immigration policy in respect of EU citizens is likely to evolve during the course of the Brexit negotiations.
  • The National Living Wage will be increased. The manifesto committed to a rise to 60% of median earnings by 2020 and then by the rate of median earnings.
  • The Government will enhance rights and protections in the modern workplace. The detail of this policy is likely to be informed by the Taylor Review on modern employment practices which is due to report imminently.
  • The Government will take further action to tackle the gender pay gap and discrimination. It is not clear what this will comprise. The manifesto said that the government would  require companies with more than 250 employees to publish more data on the pay gap between men and women and continue to work for parity in the number of public appointments going to women, as well as pushing for an increase in the number of women sitting on boards of companies. There were also references to helping disabled people into work.
  • There will be a new law on data protection. The new European GDPR will apply to the UK from May 2018, but will need to be replaced when the UK leaves the EU. The Government will need to either bring the GDPR directly into UK law in its current form, or introduce new rules with very similar principles, in order to ensure that the UK continues to have adequate data protection rules in the eyes of the EU. This is important to avoid any barrier to personal data flowing from the EU to the UK after Brexit and should not deter organisations from continuing their preparation for GDPR.

Permanent link to this article:

How to prepare for GDPR: Implementing a compliance programme

In the latest in our series of briefings on preparing for GDPR, we focus on the steps necessary to implement a GDPR compliance programme. With only one year to go until GDPR comes into force on 25 May 2018, it is vital that organisations take action now to ensure that they are ready to comply with GDPR, in order to be in a position to meet regulatory standards, and minimise risk.

The aim is to be compliant by 25 May 2018 but this may be challenging so it is sensible to focus on the most important and risky areas first. The key features of the implementation of a compliance programme are to:

  • Assemble a project team;
  • Assess potential areas of exposure in your current working processes;
  • Develop a clear plan of action to be ready for 2018;
  • Implement changes needed in a logical / prioritised manner; and
  • Establish an effective information governance framework to manage risk.

Assembling the team

Implementation of a GDPR compliance programme requires a substantial investment of money, organisational resources and management time. It is vital to identify key stakeholders and ensure that the organisation has board or senior management buy-in to support the project.

Employers should first determine whether or not a DPO must be appointed. Even if the organisation is not required to appoint a DPO, it should assign an individual the responsibility for compliance with data protection legislation. The data protection lead will then need to bring together a team from within the organisation with the necessary skills and expertise . Legal, HR, IT, and compliance teams will need to take an integrated approach. Technical and/or specialist support may be required to understand where the organisation currently holds personal data, and whether or not current systems are capable of operating within the parameters required to comply with the GDPR.

Once the team is in place, they will need to work with each business area to identify the specific privacy risks that the organisation is exposed to and how these can be mitigated or avoided.

Conducting an initial risk assessment

The first step is to undertake an assessment of current practice – how the business collects, uses and shares personal data and how you regulate all this effectively within the business (ie proper record keeping, training, guidance, audit processes).

The next step is to identify and prioritise the gaps between where the organisation is now and where it wants to be by reviewing existing data practices against GDPR requirements. This exercise should be used to assess the level of privacy risk that the organisation is exposed to, based on:

  • The amount and type of data processed (eg if it is sensitive personal data);
  • The reason for processing;
  • Who it is shared with (eg if it is transferred to processors or other parties); and
  • Locations in which processing occurs (eg if it is transferred outside the EEA).

Establishing a GDPR compliance action plan

Once the organisation has conducted an initial audit and risk assessment, the next step is to create an action plan and timeline for developing and implementing a GDPR compliance programme. This should include the following steps:

  • Prioritise compliance activity and remedial measures based on areas with the highest risk;
  • Create a data register to meet GDPR recordkeeping requirements;
  • Review systems and processes. Can the organisation’s IT systems and processes cope technically with the expanded individual rights?
  • Create and/or review privacy policies and procedures with clear and practical guidance on GDPR compliance;
  • Review and update current privacy notices;
  • Integrate privacy by design and default. Collect the minimum amount of information and consider privacy from the outset of each project involving personal data;
  • Prepare for data breach notifications. Develop a data breach response programme for prompt notification and investigation.
  • Provide training on data protection policies and procedures, and specific training for individuals who process data;
  • Implement regular audits against defined metrics (eg number of privacy complaints, completion of training, data breaches suffered) to assess the ongoing success of the compliance programme; and
  • Review staffing requirements for ongoing data protection compliance;

How we can help

DLA Piper’s employment team have a wide range of experience in the field of employer data privacy, and are actively involved in assisting clients to prepare for GDPR. We can help you to:

  • Identify existing data systems and the personal data processed throughout the employment lifecycle from recruitment to termination and beyond;
  • Understand the legal basis for processing and identify what will need to change to comply with the new regime;
  • Identify particular risk areas where use of data could be exploited to delay or disrupt business critical decisions; and
  • Develop and implement policies or changes to HR practices and procedures to manage potential GDPR issues and support compliance.


Permanent link to this article:

Practical impacts of GDPR on the employment relationship

In the next of our series of briefings on the General Data Protection Regulation (GDPR) we focus on some more of the practical impacts of GDPR on the employment relationship and what businesses can do to manage these and prepare for implementation by May 2018.

Data subject access requests

Under the GDPR, employees will have the right to much more detailed, transparent and accessible information about the processing of their data. Data subject access requests will be easier for employees. In most cases employers will not be able to charge for complying with a request and normally will have just a month to comply, rather than the current 40 days. The removal of the £10 subject access fee is a significant change from the existing rules under the Data Protection Act (DPA).

Where requests are complex a two month extension is possible, giving a total of three months to comply. Where requests are manifestly unfounded or excessive, in particular because they are repetitive, employers can  either charge a reasonable fee (not capped) taking into account the administrative costs of providing the information, or refuse to respond.

Guidance will hopefully give an indication in due course of what sorts of requests could be viewed as complex, unfounded or excessive. However, the ICO is very unlikely to consider a request from an employee as complex, unfounded or excessive, even if they are asking for all their data, unless they have made a previous request recently. The ICO will expect employers to keep information in a manner which means they can locate and supply information within the initial month.

Where an employer intends to delay the response or refuses to respond to a request, the employer must write promptly to the individual within the month explaining why the request is refused or delayed. The employer must also inform them of their right to complain to the supervisory authority and to a judicial remedy.

The DPA contains various exemptions to the duty to disclose such as in relation to legal privilege but at present, the GDPR contains no such exemptions which an employer can rely on to avoid provision of the employee’s personal data. It may be that, in the UK at least, the doctrine of privilege will ‘trump’ data protection rights, but that remains to be tested.

Employers need to update procedures and plan how to handle requests within the new timescales. The GDPR introduces a new best practice recommendation that, where possible, organisations should be able to provide remote access to a secure self-service system which would provide the individual with direct access to his or her information. This will not be appropriate for all organisations, but there are some sectors where this may work well. In any event the ICO will expect employers to keep employee personal data in a manner which means that requests for access can be responded to promptly.

What this means in practice is that employers will need sophisticated policies and IT systems to manage DSARs within reasonable timeframes. In order to prepare for compliance, employers should take steps now to:

  • Update procedures and plan how to handle SARs and provide any additional information within the new timescales;
  • Develop template response letters to ensure that all elements of a response to a SAR under the GDPR are complied with;
  • Assess the organisation’s ability to isolate data pertaining to a specific individual quickly and to provide data in compliance with the GDPR’s format obligations;
  • Ensure that employees are trained to recognise and respond quickly and appropriately to SARs.
  • Consider putting a ‘data subject access portal’ in place allowing an individual to access their information easily online.

Automated processing and profiling

Employees have a right under the GDPR to not be subject to a decision made solely by automated processing where that decision significantly affects them. This includes decisions based on profiling (any form of automated processing to evaluate certain personal aspects of individuals, in particular to analyse or predict indicators such as their performance at work, health, personal preferences, reliability, and behaviour).

The ICO recently published a discussion paper on profiling in which it set out its initial thoughts on where automated processing may significantly affect an employee. In their view this includes processing that:

  • Limits rights or denies an opportunity;
  • Affects individuals’ financial or economic status or circumstances;
  • Leaves individuals open to discrimination or unfair treatment;
  • Involves the analysis of the special categories of personal data or other intrusive data;
  • Causes, individuals to change their behaviour in a significant way; or
  • Has unlikely, unanticipated or unwanted consequences for individuals.

It is not difficult to see how these might be the outcome of automated processing of HR data. Areas where employers might currently use automated decision-making, which they should therefore review, include:

  • Recruitment, including automated rejection or shortlisting;
  • Performance management/triggers for sickness absence;
  • Eligibility for attendance bonuses;
  • Holiday or shift rostering;
  • Employee monitoring; and
  • Profiling, particularly where this may impact on selection for talent programmes or career progression rather than purely for development purposes.

From a practical perspective employers need to ensure that where they use automated decision making they can explain how it works and there is another way to make an equivalent assessment of the individual if he/she objects.

In our next briefing we will focus on how employers can audit existing data processing across the employment lifecycle in order to identify risk areas, and how to develop an action plan and timeline to develop and implement a GDPR compliance programme.

Permanent link to this article:

Preparing for the GDPR: New employee data subject rights could disrupt core HR procedures

The General Data Protection Regulation (GDPR), due to come into force throughout the EU including the UK on 25 May 2018, will force through a culture change in terms of attitudes to data privacy, according to the Information Commissioner Elizabeth Denham. Speaking at the Data Protection Practitioners’ Conference 2017, Denham warned that organisations risking damaging their brands and their business if they are seen to be cavalier with personal data: “If an organisation can’t demonstrate that good data protection is a cornerstone of their business policy and practices, they’re leaving themselves open to enforcement action that can damage their public reputation and possibly their bank balance. That makes data protection a boardroom issue.”

It is important to recognise that it is also a key HR issue. Data protection will become one of the major issues, and potentially source of disputes,  in the employment context in the next few years. Employers will need to adopt a whole new culture in relation to the processing of HR data in light of more restrictions on processing, new and strengthened rights for employees and much more stringent penalties.

Far from being a stand-alone issue or tick-box exercise requiring nothing more than updated data protection policies, data protection will impact the heart of the employment relationship and the operation of core HR projects and procedures.

The GDPR will make it difficult, if not impossible to rely on consent for processing in the employment context due to new and more restrictive conditions for consent and the ability to withdraw consent at any time.

The most commonly used basis for legal processing of HR data (beyond processing required by law) is therefore is likely to be legitimate interest. Employers will be able to show a legitimate interest in processing ordinary HR personal data for routine HR processes. However, employees have the right to object to their data being processed or to ask for it to be deleted where processing is based on legitimate interests grounds.  If this happens employers must stop the processing unless and until they have confirmed to the employee compelling grounds for the processing which overrides the objection.

Similarly, if employees challenge the accuracy of HR personal data processed by the employer, they can require cessation of processing or deletion of the data unless accuracy is verified.

Although in many cases the employer may be able to show an overriding need to process the data and that it is sufficiently accurate, the employer will be unable to process the data whilst this is established. These rights could be used by  employees individually or collectively to disrupt and delay HR processes such as appraisals, capability procedures, disciplinary and grievance proceedings, restructures and redundancy exercises and TUPE transfers.  Alternatively they may rely on unlawful processing to challenge management decisions in subsequent employment tribunal proceedings as well as making complaints to the Information Commissioner’s Office.

The risk for employers can be mitigated by ensuring that privacy considerations are embedded in each HR process and project, both in their design and in how they are operated.  To minimise the risk of the  disruption specifically highlighted above businesses should take the following steps as part of the wider review preparing for GDPR before it comes into force:

Legitimate Interest Objections

  • Understand where legitimate interest is the correct legal basis for HR data processing, the likelihood of objections, and whether there is likely to be an overriding compelling ground to continue processing in the event of an objection;
  • Establish a process for dealing with objections promptly and efficiently, being clear who has authority to make the judgment.

Accuracy Challenges

  • Consider how accuracy of data relied on by the business is ensured in each HR process and improve processes where necessary;
  • Build in opportunities to review accuracy or raise queries where appropriate; and
  • Establish an efficient process for dealing with accuracy challenges under GDPR including any verification required, authority for sign-off and responding to the employee.

These and other new and expanded rights under GDPR hugely increase the potential for data protection to be used as a weapon in the context of employment disputes and prospective areas of conflict. In future briefings we will focus on different practical impacts of GDPR on the employment relationship and what business can do to manage these and prepare for implementation by May 2018.

On a more general basis, the HR team needs to be an integral part of an organisation’s preparation for the GDPR. We can help you to:

  • Identify existing data systems and the personal data processed throughout the employment lifecycle from recruitment to termination and beyond;
  • Understand the legal basis for processing and identify what will need to change to comply with the new regime;
  • Identify particular risk areas where use of data could be exploited to delay or disrupt business critical decisions; and
  • Develop and implement policies or changes to HR practices and procedures to manage potential GDPR issues and support compliance.

Permanent link to this article:

The clock is now ticking for employers to publish their gender pay gaps

Today marks the beginning of the one year gender pay gap reporting countdown for every employer with  250 or more employees.

Within the next 12 months, each of these employers will have to wrestle with the Government’s new complex regulations, get to grips with the various calculations, and finally publish details of their gender pay gaps on both their own websites and a specially designated Government website.   For many, there will be nervousness in relation to how competitors are managing the process, how they will fare in comparison, and when to ‘push the button’ to make the results publically available.   Many employers will already have done a dry run of the calculations or otherwise have an informed idea of their existing pay gap.  4 April 2018 is the latest date on which the information can be formally published.

We have designed a quick 30 second survey to capture current information on median* gender pay gaps by sector.  We would be really grateful if you would take the time to complete the survey on a completely anonymous basis. We will publish any representative information in due course on our Be Aware website, with the aim of assisting employers to understand how they compare in their sector marketplace.

Access the survey

If you would like to speak to one of our experts on gender pay gap reporting, or would like a copy of our Snapshot publication on the new obligations, please email Clare Gregory or Kate Hodgkiss.

*regarded by the ONS as being most representative of the pay gap as it is less affected by numbers at the extreme ends of the spectrum


Permanent link to this article:

Older posts «