Member tool: CIPD Buddy BETA
Experiment with AI to find answers on this topic with our prototype. Login to explore CIPD Buddy

Essential points 

  • Data protection is about safeguarding important information and making sure it is used properly and legally.  
  • Employers can keep a range of personal information about their employees without seeking their permission including their name, address, date of birth, National Insurance number, emergency contact details and any disciplinary action taken against them. 
  • Organisations need their employees’ consent to keep sensitive information on them such as their race or ethnicity, religion, trade union membership, health and medical conditions and sexual orientation. 
  • Employers must keep employees’ personal data secure and up to date and have extra security in place to protect their sensitive personal data. 
  • Organisations must notify the ICO of all data breaches without undue delay and, where possible, within 72 hours. 
  • Employees have the right to be told what records are being kept on them, how they are used, and how their confidentiality is preserved.

To continue reading, log in or become a member

Affiliate membership offers instant access to CIPD resources without the need for assessments or study, or explore your options to become a professional member of the CIPD to demonstrate your commitment to the world of work.

  • Access to exclusive, up-to-date resources
  • Become part of a community to learn, debate and connect with other people professionals
  • Free access to a series of CIPD learning courses and a discount on the rest of our catalogue

Disclaimer 

Please note: While every care has been taken in compiling this content, CIPD cannot be held responsible for any errors or omissions. These notes are not intended to be a substitute for specific legal advice. 

Employment
law advice

Want more employment law advice? Members can phone the CIPD legal helpline or take out a discounted subscription to HR-inform for additional resources.

Callout Image

Related content on data protection

Data

Data hub

Explore the evidence behind workforce trends

Guide

People manager guide: Managing data protection requirements

This guide provides managers with an overview and principles to apply when handling GDPR and data protection requirements to ensure they play their part in complying with regulations governing its safe handling.

For Members
Factsheet

Data protection and GDPR in the workplace

Introduces data protection law in the UK, covering the obligations of employers and individual rights to accessing information

For Members
Factsheet

Retention of HR records

Introduces the legal issues in the UK around effective retention and organisation of HR records

For Members
Employment law

Access more employment law resources

Employment law

Maternity, paternity, shared parental and adoption leave and pay

Explore our collection of resources around parental rights, including commonly-asked questions and relevant case law, and download infographics on what you need to know about maternity leave and pay

For Members
Employment law

Menopause: UK employment law

UK legal position on menopause and perimenopause in the workplace

For Members
Employment law

Tracking UK law changes under the ERB

Keep up to date with what will change under the Employment Rights Bill, the Equality (Race and Disability) Bill and the plan to Make Work Pay

For Members
Employment law

Timetable of employment law changes UK

Keep up to date with the latest employment law developments and proposed future changes

For Members