Recruitment and managing staff records

You must keep any data you collect on staff secure - lock paper records in filing cabinets or set passwords for computer records, for example. Only keep the information for as long as you have a clear business need for it, and dispose of it securely afterwards - by shredding, for example. Recruiting staff You must give the name of your business and contact details (or those of the agency) on job adverts. Only collect the personal information you need on application forms, and do not ask for irrelevant information, like banking details. Example You will usually only have to ask about motoring offences if driving is part of the job. Only keep the information for recruitment - do not use it for a marketing mailing list, for example. Keeping staff records Make sure only appropriate staff, with the right training, can see staff records, and store sensitive information (such as health or criminal records) separately. Example Do not let managers access a worker鈥檚 sickness record if they only need to see a simple record of their absences. If you鈥檙e asked to provide a reference, check the worker or ex-staff member is happy for you to do so. Letting staff see their records Your staff have the right to ask for a copy of the information you hold about them . This includes information about grievance and disciplinary issues. You must respond to their request within 30 days. You may be able to withhold some information when responding to a request if the information concerns someone else - you need to protect someone who鈥檚 accused them of harassment, for example. Staff can complain if they think their information is being misused, and you could be ordered to pay a fine or compensation.

Monitoring staff at work

You must be able to justify monitoring staff at work, which could include: using CCTV keeping records of phone calls logging their email or internet use searching staff or their work areas Employees have rights at work and if you do not treat them fairly they could: take you to an employment tribunal complain to the Information Commissioner You must make them aware that they鈥檙e being monitored, and why - for example by sending them an email. Also explain your policies on things like using work computers or phones for personal use. Monitoring staff without their knowledge You can monitor staff without their knowledge if: you suspect they鈥檙e breaking the law letting them know about it would make it hard to detect the crime Only do this as part of a specific investigation, and stop when the investigation is over.

If your business uses CCTV , you must register your details with the Information Commissioner鈥檚 Office ( ICO ) and pay a data protection fee, unless you are exempt. Check if you need to pay the data protection fee . You must also: tell people they may be recorded, usually by displaying signs, which must be clearly visible and readable control who can see the recordings make sure the system is only used for the purpose it was intended for - for example, if it was set up to detect crime, you must not use it to monitor how much work your staff do The ICO has guidance with more details about CCTV . How to pay the fee You can register and pay the fee online . Letting people see CCTV recordings Anyone can ask to see images that you鈥檝e recorded of them. Usually, you must usually provide the footage free of charge within 1 calendar month. Find out more about CCTV and data protection rules . Data protection rules do not apply if you install a camera on your own home for household purposes - for example, to protect it from burglary. Find out more about using CCTV in the home .

Get advice on data protection

For more information and advice: read the Information Commissioner鈥檚 Office ( ICO ) guidance for organisations chat online with an advisor contact the ICO

Data protection and your business: Overview

Data protection and your business

Overview

You must follow rules on data protection if your business stores or uses personal information.

This applies to information kept on staff, customers and account holders, for example when you:

recruit staff
manage staff records
market your products or services
use CCTV

This could include:

keeping customers鈥� addresses on file
recording staff working hours
giving delivery information to a delivery company

For information on direct marketing, see marketing and advertising: the law.

Data protection rules

You must make sure the information is kept secure, accurate and up to date.

When you collect someone鈥檚 personal data you must tell them who you are and how you鈥檒l use their information, including if it鈥檚 being shared with other organisations.

You must also tell them that they have the right to:

see any information you hold about them and correct it if it鈥檚 wrong
request their data is deleted
request their data is not used for certain purposes

The main data protection rules are set out in the .

What you have to do

You must:

tell the Information Commissioner鈥檚 Office (ICO) how your business uses personal information
respond to a data protection request, if someone asks to see what information you have about them

You could be given a heavy fine or made to pay compensation if you misuse personal data.

View a printable version of the whole guide

188体育

Data protection and your business

Overview

Data protection rules

What you have to do

Is this page useful?

Help us improve 188体育

Help us improve 188体育

188体育

Cookies on 188体育

Data protection and your business

Overview

Data protection rules

What you have to do

Related content

Is this page useful?

Help us improve 188体育

Help us improve 188体育