Employers must ensure that personal data is processed in a fair and lawful way. For example, employers
There are also stronger legal safeguards in place for special categories of data including information about a person’s:
Data protection law also gives workers important individual rights, including the right to:
The law also places limits on when employers can use automated decision making in the workplace. Under the GDPR, automated decision-making systems can only be used if it is necessary for the performance of or entering into a contract; if it is authorised by law; or an individual has explicitly consented to it.
Individuals must be told when a decision has been taken solely using automated decision making and have the right to ask for the decision to be reviewed by a person in authority. Organisations using automated decision making should also carry our regular reviews and use appropriate procedures to prevent errors.
These rights could provide important safeguards in the gig economy where employers use algorithms to allocate work and set pay rates. There’s widespread concern these systems can be discriminatory and lead to unfair outcomes.
The Information Commissioner’s Employment Practices Code sets out helpful guidance on how data protection rules affect the workplace13 . This Code, however, does not have legal effect.
Want to hear about our latest news and blogs?
Sign up now to get it straight to your inbox
To access the admin area, you will need to setup two-factor authentication (TFA).