At a glance
About this guidance
This guidance discusses monitoring at work and data protection. It is primarily aimed at employers. The first part of this guidance explains your legal obligations if your organisation is considering or is already carrying out monitoring of workers. The second part addresses specific kinds of monitoring.
The guidance aims to:
• help provide greater regulatory certainty;
• protect workers’ data protection rights; and
• help employers to build trust with workers, customers and service users.
This guidance provides clarity and practical advice to help employers who are monitoring workers to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018). The UK GDPR and the DPA 2018 do not prevent an employer from monitoring workers, but they must do any monitoring in a way which is compliant with data protection legislation. Public authorities and all bodies performing public functions should also consider the right to respect for a private and family life enshrined in Article 8 of the Human Rights Act 1998. This is increasingly important due to the rise of homeworking. Workers’ expectations of privacy are likely to be significantly greater at home than in the workplace, and the risks of capturing family and private life information are higher.
At a glance
• The UK GDPR and the DPA 2018 do not prevent monitoring. They set out a framework for the collection and use of personal data. You must balance the level of intrusion against the needs of the employer, workers and members of the public.
• Employers must make workers aware of the nature, extent and reasons for the monitoring unless exceptional circumstances mean that covert monitoring is necessary.
• Employers must be clear about their purpose for monitoring. They must not use the information collected for a new purpose unless it is compatible with the original purpose in most circumstances.
• Employers must carry out a data protection impact assessment (DPIA) for any monitoring that is likely to result in a high risk to the rights of workers and other people captured by the monitoring. Employers should keep this under review. Where a DPIA is not mandatory, employers should consider completing one anyway for good practice. The process helps you to make risk-based decisions and to meet your data protection obligations.