The Data Protection and Equality Act - points to note…

Written By Layide Akin-Fadeni

Here is some information on how to handle protected information on employees from the UK Government website and legislation.gov.uk

The Data Protection Act 2018 controls how personal information is used by organisations, businesses or the government.

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).

Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:

  • used fairly, lawfully and transparently

  • used for specified, explicit purposes

  • used in a way that is adequate, relevant and limited to only what is necessary

  • accurate and, where necessary, kept up to date

  • kept for no longer than is necessary

  • handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage

There is stronger legal protection for more sensitive information, such as:

  • race

  • ethnic background

  • political opinions

  • religious beliefs

  • trade union membership

  • genetics

  • biometrics (where used for identification)

  • health

  • sex life or orientation

There are separate safeguards for personal data relating to criminal convictions and offences.

Employee rights

Under the Data Protection Act 2018, employees have the right to find out what information the government and other organisations store about them. These include the right to:

  • be informed about how your data is being used

  • access personal data

  • have incorrect data updated

  • have data erased

  • stop or restrict the processing of your data

  • data portability (allowing you to get and reuse your data for different services)

  • object to how your data is processed in certain circumstances

Employees also have rights when an organisation is using their personal data for:

  • automated decision-making processes (without human involvement)

  • profiling, for example to predict your behaviour or interests

Information about an employee is critical and it is important to ensure that it is used or distributed in the correct way in accordance with the law - specifically in relation to the Equality Act.

Protected characteristics:

  • Age

  • Disability

  • Gender reassignment

  • Marriage and civil partnership

  • Race

  • Religion or belief

  • Sex

  • Sexual orientation

Prohibited conduct:

  • Discrimination

    • Direct discrimination

    • Combined discrimination: dual characteristics

    • Discrimination arising from disability

    • Gender reassignment discrimination

    • Pregnancy and maternity discrimination

    • Indirect discrimination

  • Adjustments for disabled persons

    • Duty to make adjustments

    • Failure to comply with duty

    • Regulations

  • Discrimination: supplementary

    • Comparison by reference to circumstances

    • Irrelevance of alleged discriminator’s characteristics

    • Reference to particular strands of discrimination

  • Other prohibited conduct

    • Harassment

    • Victimisation

Harassment and victimisation can be perpetrated in number of different ways; for example, sometimes harassment/victimisation is by-proxy, i.e. the harassment/victimisation is performed not by the actual perpetrator but by third parties that are affiliated to, and/or working on behalf of, the perpetrator.

Layide Akin-Fadeni
Previous

How employers should handle sensitive and personal data / information about an employee.