This course provides HR professionals with a comprehensive understanding of data protection under the DPA 2018 and UK GDPR. It covers the legal framework governing HR data processing and focuses on key compliance areas: lawful basis for processing, special category data, employee rights, data sharing, monitoring, breaches, retention policies, and building a robust HR data protection framework.
The programme begins with an overview of key GDPR principles and HR’s role in demonstrating compliance. Attendees will explore lawful bases for processing employee data, including why consent is rarely appropriate in employment. The course then covers special category data, particularly in relation to occupational health, sickness records, and criminal background checks.
Participants will gain insights into handling Subject Access Requests (SARs), managing data sharing with third parties, and the legalities of employee monitoring (e.g., CCTV, email tracking, and biometric data). The session also addresses telephone recording, common HR data breaches, and incident response best practices.
The afternoon introduces DPIAs and RoPAs in HR, highlighting when they are required but without deep-diving into completion. The day concludes with HR records management, retention justifications, and best practices for secure disposal of data, ensuring HR teams can create an efficient data protection framework aligned with regulatory requirements.
KEY LEARNING OUTCOMES
By the end of this masterclass, you will understand how to:
Apply the key principles of data protection under the DPA 2018 and UK GDPR in HR processes.
Identify the appropriate lawful basis for processing employee data, including when consent is not required.
Manage special category data such as health records, DBS checks, and occupational health reports in compliance with legal requirements.
Respond effectively to Subject Access Requests (SARs) and other employee data rights under GDPR.
Understand the legalities of employee monitoring and telephone recording, ensuring compliance with privacy laws.
Handle data sharing with third parties, such as payroll providers, occupational health services, and legal advisors, while maintaining compliance.
Recognise common HR-related data breaches and implement strategies for prevention, reporting, and incident response.
Understand when DPIAs and RoPAs are necessary in HR, and how to document data processing activities.
Implement best practices for HR records management, including retention periods and secure disposal.
Build a compliant and efficient HR data protection framework, aligning policies and procedures with legal requirements.
WHO SHOULD ATTEND
This course is designed for HR professionals, recruiters, and people managers who handle employee data and need to ensure compliance with the DPA 2018 & UK GDPR. It is also relevant for HR Directors, HR Business Partners, Compliance Officers, Data Protection Officers (DPOs), and Legal Advisors who oversee HR data governance, employee monitoring, and data retention policies.
FACILITATOR
Laura is an experienced data protection and privacy professional with IAPP CIPP/E, BCS Data Protection Practitioner, and Highfield Information Governance qualifications. She runs a UK-based consultancy offering training and consultancy services to organisations in the education and healthcare sectors and beyond, across the UK, EU, and Middle East.
Passionate about simplifying complex topics, Laura prides herself on delivering relatable and engaging training, using visual methods to ensure clear understanding and lasting impact.